godfetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content as part of its core workflow—e.g., git-clone for public GitHub/git repos, ctx7 docs (including the --research mode that runs live web searches and reads source repos), WebSearch/WebFetch, gh api for issues/PRs, and the deps.dev API—so the agent will read untrusted, user-generated web content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes runtime git cloning of arbitrary repositories (e.g., https://github.com/{owner}/{repo}.git or git@github.com:{owner}/{repo}.git via scripts/git-clone.sh), which fetches remote source that is then read into the agent context (and ctx7's optional --research can spin up agents that pull and inspect repos), meaning remote content can directly influence prompts or lead to executing fetched code.