meeting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Step 1 explicitly requires fetching and reading GitHub/GitLab issue details (description, labels, comments, linked MRs) as context, which ingests untrusted, user-generated content that the agent uses to drive sub-agents and decision-making.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches GitHub/GitLab issue details at runtime and injects the issue text/labels/comments into sub-agent prompts (e.g. GitHub/GitLab issue URLs such as https://github.com///issues/ or https://gitlab.com///-/issues/), meaning external issue content can directly control agent instructions.