skedulo-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to clone and read the public GitHub repo https://github.com/skeduloDevelopers/SkeduloCLIExamples as the "source of truth" for artifact JSON schemas (see "Look up artifact schemas from the examples repo" in SKILL.md), meaning it fetches and uses third‑party content at runtime which can directly influence CLI actions and deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires cloning https://github.com/skeduloDevelopers/SkeduloCLIExamples at runtime as the "source of truth" for artifact JSON schemas and directs using those files as authoritative templates, meaning remote content directly controls the agent's instructions for creating/deploying artifacts.