github-repo-hunter

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and fetches public GitHub repositories (Discovery Phase in SKILL.md and references/github_api.md), decodes and ingests README and metadata (references/github_api.md "Get README" and scripts/evaluate_repo.py reads repo['readme']), and uses that untrusted, user-generated content to score and automatically add/integrate repositories—meaning third-party content can materially change agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 05:31 AM