technical-orientation
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read GitHub repositories and files (e.g., "Clone and explore the repo", "Read key docs (README, CLAUDE.md, AGENTS.md)"). These are arbitrary, user-generated public web contents that the agent will ingest and use to drive its explanations and recommendations, creating a clear avenue for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly expects and instructs the agent to "clone and explore the repo" when a user shares a GitHub link (example: https://github.com/example/cool-tool), meaning repository content fetched at runtime would be injected into the agent's context and could thus directly control prompts, so this external URL usage meets the flagging criteria.
Audit Metadata