blitz

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and ingest GitHub issue text (e.g., "gh issue view" in Phase 3 and Phase 4.5 of SKILL.md) and to include the exact, user-generated issue requirements in agent prompts and decision gates, so untrusted third-party issue content can directly influence agent actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill fetches GitHub issue content at runtime with commands such as gh issue view (GitHub Issues API, e.g. https://api.github.com/repos/OWNER/REPO/issues/) and injects those exact requirements into agent prompts, directly controlling agent instructions; it also uses gh api repos/OWNER/REPO/pulls/NUMBER/reviews to post reviews. The GitHub API endpoints are therefore a required runtime dependency that controls agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 08:48 AM