security-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's github-security.sh (called from audit.sh and documented in SKILL.md) uses the gh API to fetch Dependabot/code-scanning/secret-scanning alerts from the repository's GitHub (owner/repo), and those untrusted, user-generated GitHub findings are merged into the audit/requirement/report and can directly influence gating decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The audit orchestrator (scripts/audit.sh) invokes scripts/install-tools.sh at runtime which, when installing Trivy, runs a remote install script via curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh — fetching and executing remote code to satisfy a required tool dependency.