implement-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub issue bodies and all issue comments via gh issue view <N> (see SKILL.md and references/workflow.md) and uses that untrusted, user-generated content as direct input to planning/execution decisions, so third-party issue/comment text could influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a runtime install command ("npx skills add thatjuan/agent-skills --skill team-executor") to fetch and execute the remote team-executor skill (from the thatjuan/agent-skills package), which would load external code that directly controls agent prompts and orchestration—this is a required runtime dependency and thus flagged.