flows-app-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch and "follow exactly" a file from a public GitHub repository (via the gh api command fetching repos/cognitedata/dune-app-reviews/.../dune-review.md), meaning untrusted third-party content would be read and used to drive the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs running the gh api command to fetch and decode remote files at runtime (gh api repos/cognitedata/dune-app-reviews/contents/.claude/commands/dune-review.md and gh api repos/cognitedata/dune-app-reviews/contents/.claude/commands/dune-review-verify.md), and explicitly tells the agent to "follow it exactly," so the fetched content directly controls agent instructions and is a required runtime dependency.