contribute-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and reads content from an arbitrary GitHub repo (Step 3: git clone --depth 1 https://github.com/<repo>.git /tmp/contribute-skill and then reads /tmp/contribute-skill/.claude/skills/add-skill.md), so it ingests untrusted public third-party content that directly informs how files are generated, modified, and what PR actions to take.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs git clone --depth 1 https://github.com/.git at runtime and then reads /tmp/contribute-skill/.claude/skills/add-skill.md from that cloned repo to drive how it constructs prompts and SKILL content, so the GitHub URL (https://github.com/.git) is a runtime external dependency that injects instructions into the agent.