zentao-tour

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and role-specific docs explicitly instruct the agent to run zentao-cli commands (e.g., zentao product/story/bug/task --format=json and zentao bug create/resolve/update) against the user's ZenTao instance, ingesting user-generated content from that external server and using those results to decide which queries and write actions to take, so untrusted third-party content could materially influence tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires and instructs runtime use of the zentao-cli tool (install/run via npm/npx) which will fetch and execute remote package code linked from https://github.com/easysoft/zentao-cli, so this external URL represents a runtime dependency that executes remote code.