usdm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches external, user-generated content—e.g., GitHub Issues via the "gh issue view " command and Asana tasks via "get_task"/"get_tasks"—and the required workflow mandates extracting and using titles/descriptions/comments from those tickets for requirement decomposition, which exposes the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches ticket content at runtime from external ticket systems (e.g., GitHub Issues via the gh CLI which talks to https://api.github.com/ and Asana via get_task/get_tasks), and that fetched content is used as required input to drive the agent's decomposition/prompting flow — creating a prompt-injection risk if malicious content is returned.