ito-browser-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 2 and references/input-resolution.md explicitly require fetching GitHub issue bodies via "gh issue view" (public, user-generated content) and then extracting acceptance criteria that directly drive planning and browser actions, so untrusted third‑party content can influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches GitHub issue content at runtime using commands like gh issue view <url> for inputs matching https://github.com///issues/, and that external issue body is injected as the raw acceptance-criteria text which directly controls the agent’s planning/prompts, so this URL pattern is a high-confidence runtime dependency that can influence agent instructions.