octocode-researcher
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public, user-generated sources (e.g., GitHub repositories and package registries) — see SKILL.md’s "The GitHub Flow" / "External (GitHub, packages, repos)" and references/fallbacks.md which require tools like githubSearchCode, githubGetFileContent, packageSearch and even WebFetch (Tier 3), and those external reads are used as evidence to drive LSP/analysis and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly calls githubGetFileContent / githubCloneRepo at runtime to read external repository files (e.g., https://github.com/{owner}/{repo}/blob/{branch}/{path}), which can fetch arbitrary remote content that would be injected into the agent's context and thus directly influence prompts or behavior.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).