experiment-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning and reading a user-supplied BASE_REPO (e.g., a GitHub repo) in Phase 2 ("git clone <BASE_REPO> base_repo/" and "Read the repo's README, understand its structure"), which causes the agent to fetch and interpret arbitrary public third-party code/content that can alter implementation and deployment actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly supports cloning a user-specified BASE_REPO at runtime (e.g., https://github.com/org/project) via "git clone <BASE_REPO>" and then implements and runs experiment code from that repository, so fetched remote code can be executed and directly affect the agent's behavior.