forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3.2 "Resource Scanning" (references/phase3.2-resource-scanning.md and phases.md) explicitly visits and reads URLs from JIRA ticket links — including Confluence pages, GitHub, and "other" links via WebFetch — and mandates reading that content to inform the implementation plan, so arbitrary/untrusted third‑party pages could inject instructions that influence subsequent planning and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.85). The skill explicitly visits arbitrary external URLs discovered in the JIRA ticket (Phase 3.2: "links.other" fetched via WebFetch) and then reads those fetched pages into the summarized_context/meta-prompter and implementation-plan generation, so those external URLs (i.e., any URL in links.other fetched at runtime via WebFetch) directly control prompts at runtime.