newproject
Warn
Audited by Snyk on Mar 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and merges repository-provided, user-generated content (e.g., CLAUDE.md / AGENTS.md in Step 3.4 and commits/PRs/CHANGELOG.md used as "release inputs" in the changelog workflow), and then uses that content to produce release notes and to populate AGENTS.md (the AI guidance file), so arbitrary third-party GitHub content could indirectly inject instructions that influence automated actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.85). The skill's Python pre-commit configuration references external hook repositories (https://github.com/astral-sh/ruff-pre-commit, https://github.com/pre-commit/pre-commit-hooks, https://github.com/igorshubovych/markdownlint-cli) which are fetched during setup/runtime (pre-commit install/run) and will execute remote code as hooks, satisfying the conditions for a runtime-executed external dependency.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).