codeql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's build scripts and docs explicitly download and auto-discover public query packs (e.g., scripts/codeql-build-all.sh uses codeql pack download --dir "$CODEQL_DIR/packs" codeql/${lang}-queries and README references downloading Trail of Bits packs), and those third-party QL query packs are executed by CodeQL as part of analysis, so untrusted external query content can influence tool behavior and results.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts call commands like codeql pack download --dir "$CODEQL_DIR/packs" codeql/${lang}-queries and codeql pack download trailofbits/cpp-queries trailofbits/go-queries at runtime, which fetch remote CodeQL query packs (remote query code) that are then executed by codeql database analyze, so external content is fetched and executed during runtime.