agentforge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests public, user-generated GitHub content (repo metadata and open issue threads) — e.g., agentforge/github/searcher.py and agentforge/collector/data.py (_fetch_repo_issues/_collect_github_insights) — and then passes those external summaries into Claude via agentforge/github/analyzer.py and agentforge/collector/data.py (ask_json) to drive gap-analysis, recommendations, and MVP generation, so untrusted third‑party content can materially influence agent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime fetches from the GitHub API (https://api.github.com — e.g., /search/repositories and /repos/{owner}/{repo}/issues) and injects the returned repo/issue JSON directly into Claude prompts for gap analysis and brief/MVP generation, so remote content controls the agent's prompts and is relied upon for core functionality.