mini-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs cloning from arbitrary GitHub URLs ("Clone on the mini") and the post-receive hook may run npm install or other project scripts on the mini, which means untrusted, user-generated code from public repos/npm will be fetched and executed as part of the workflow (Steps 1 and 4).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git clone and adds <GITHUB_URL> as a remote at runtime (e.g., "git clone <GITHUB_URL>" and post-receive hooks trigger npm install/build), so fetched repository content from <GITHUB_URL> will be pulled during execution and can cause remote code to run on the mini.