gog-safety
Warn
Audited by Snyk on May 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The build script (scripts/build-gog-safe.sh) explicitly clones a public GitHub repository (UPSTREAM_REPO=https://github.com/drewburchfield/gogcli-safe.git) and runs code from that checkout as part of the required build workflow, so untrusted third‑party code/content is fetched and directly influences the produced binary and agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The build script performs a runtime git clone of https://github.com/drewburchfield/gogcli-safe.git and runs code from that checkout (git clone --branch ... followed by CGO_ENABLED=0 go run ./cmd/gen-safety), so remote code is fetched, executed, and required for the build; it can therefore directly control the agent build/execution.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs building and deploying binaries that replace system-installed executables (installing into /usr/local/bin, backing up/restoring gog) and even includes a sudo rollback command, which directly modifies system files and requires elevated privileges.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.