replicate-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses untrusted, user-generated GitHub issue content using "gh issue view $ARGUMENTS" and then instructs the agent to build test plans and drive browser/API actions based on the issue title/body/comments, so third‑party issue text can directly influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs the gh CLI at runtime ("gh issue view $ARGUMENTS") to fetch GitHub issue content from GitHub (e.g., https://api.github.com or github.com) and then parses that remote issue body to generate reproduction steps and drive the agent's actions, so external content directly controls the agent's instructions.