god-mode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests untrusted, user-provided GitHub content (commit history, PRs, issues) via github_fetch_commits/github_fetch_prs in scripts/lib/providers/github.sh and pulls remote agent files with gh api in scripts/lib/analysis/agents.sh, then includes that agents.md content and commit patterns in the LLM analysis prompt (scripts/commands/agents.sh), so arbitrary third-party data can inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the GitHub API at runtime via the gh CLI (gh api "repos///contents/") to fetch agents.md/other instruction files and then decodes and injects that content directly into the LLM prompt, so remote repo content can control agent instructions (e.g. https://api.github.com/repos///contents/agents.md).