sync-template

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md Phase 0 Steps 0–2 and throughout) explicitly instructs the agent to clone and read a public GitHub repo (opensrc/repos/github.com/blogic-cz/blogic-template-ts) and to fetch release notes, commits, and PRs via agent-tools-gh/gh, meaning it ingests untrusted, user-generated third‑party content (repo files, release notes, PRs) that the agent is expected to interpret and use to drive decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires cloning the GitHub template repo (bun run opensrc:use blogic-cz/blogic-template-ts → opensrc/repos/github.com/blogic-cz/blogic-template-ts/) at runtime and then uses files from that repo (agent prompts/config like .github/prompts/code-review.md, AGENTS.md, .agents/skills/* and scripts) to build delegation prompts and execution steps, so the fetched remote content can directly control agent instructions and potentially execute code.