ah-verify-requirements-coverage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses user-generated GitHub content (e.g., PR bodies via gh pr view and issue bodies via gh issue view) and uses those texts to extract requirements and drive coverage decisions, so untrusted third-party content can influence the agent's analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs GitHub CLI/API commands at runtime (e.g., gh pr view, gh issue view, gh api graphql) which fetch PR/issue/diff content from GitHub (https://api.github.com and example PR URL https://github.com/owner/repo/pull/123) and inject that content into the agent's analysis, thus directly controlling prompts.