read-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and displays public GitHub repository documentation and arbitrary external URLs via the gitmcp.io MCP service (see scripts/gitmcp.py commands fetch-docs, search-docs, search-code and fetch-url which call fetch_{repo}_documentation and fetch_generic_url_content), so it ingests untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes an external MCP server at runtime (e.g., https://gitmcp.io/owner/repo) via "npx mcp-remote" to call arbitrary tools (including fetch_generic_url_content and repo-specific tool calls), which can execute remote tool logic and return text that would be injected into the agent's context, so the external content can directly control prompts or execute remote code.