production-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs the public commit.show audit (e.g., npx commitshow audit github.com/owner/repo and via https://api.commit.show/audit?...) and its workflow (Step 2–4 in SKILL.md) parses concerns and reads cited files from public GitHub repos, meaning it ingests untrusted, user-generated third‑party content that directly drives decisions and fix proposals.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the CLI at runtime via "npx commitshow@^0.3.23" which fetches and executes remote code and queries the engine at https://api.commit.show (https://api.commit.show/audit?...), and the returned JSON (concerns[].bullet) is directly used to control agent output, so these endpoints are runtime-executed dependencies that control prompts.