project-archive-done

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly uses the gh CLI to fetch GitHub Project data (e.g., "gh project item-list" and "gh project field-list" for projects at URLs like https://github.com/orgs//projects//), which are public, user-generated third‑party contents that the agent reads and uses to decide and perform archiving actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill itself operates on remote GitHub data via the gh CLI (no sudo or file edits), but it explicitly recommends disabling TLS verification in sandbox by setting GIT_SSL_NO_VERIFY=1, which is a direct security-bypass instruction and thus compromises the machine's security posture.