session-inspector

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and combines GitHub issue comments via the "extract-session-from-issue" workflow (see SKILL.md / references/tools.md: "Extracts and combines chunked session content from GitHub issue comments"), which are public user-generated inputs that the agent parses and uses to reconstruct sessions and drive follow-up actions like creating PRs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill's "extract-session-from-issue" feature fetches GitHub issue comments at runtime (e.g. https://github.com/owner/repo/issues/123) and combines chunked session content into session XML that can be injected into the agent's context, so remote issue content can directly control prompts.