dune-app-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and follow content from the public GitHub repo cognitedata/dune-app-reviews (via the gh api calls to .claude/commands/dune-review.md and dune-review-verify.md), requiring the agent to read and act on those third-party instructions as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs gh api to fetch and decode remote files at runtime from the cognitedata/dune-app-reviews repo (repos/cognitedata/dune-app-reviews/contents/.claude/commands/dune-review.md and .../dune-review-verify.md), and then instructs the agent to follow those fetched instructions exactly, so the remote content directly controls agent behavior.