github-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly renders user-created GitHub Gists using https://gistpreview.github.io/?${encodeURIComponent(gistId)}, which fetches and displays arbitrary, user-generated third-party HTML content that the agent would read/preview and could carry indirect prompt-injection payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly directs rendering saved HTML gists using https://gistpreview.github.io/?${encodeURIComponent(gistId)}, which at runtime loads arbitrary gist HTML/JS from an external origin (and thus can execute remote code) and is used as the built-in preview mechanism.