codervisor-forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The publish CI workflow (templates/workflows/publish.yml) includes the wait-npm-propagation action that polls the public npm registry (via "npm view @scope/pkg@version") and the pipeline uses that response to gate publishing steps, so untrusted third-party registry responses are fetched and interpreted to drive tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflow templates and AGENTS instructions reference external GitHub Action repositories (e.g., codervisor/forge/actions/compute-version@main and codervisor/forge/actions/setup-workspace@main, which map to https://github.com/codervisor/forge) and these action refs are fetched and executed at CI/runtime, so they are runtime external dependencies that execute remote code.