skypilot-multi-cloud-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly documents fetching and using arbitrary external content—e.g., "workdir: url: https://github.com/user/repo.git" in references/advanced-usage.md and mounting s3:// or gs:// storage in file_mounts—so the agent would ingest and execute untrusted, user-provided repository or bucket content that could change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime "workdir" git fetch (workdir: url: https://github.com/user/repo.git) which will clone remote code at job launch and that code can be executed by the task's setup/run commands, so it is a high-confidence runtime external dependency that can directly control executed code.