developer-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's release and verification tasks (e.g., resources/release-coordination.md: tasks like tasks.release:check, tasks.release:verify, and related scripts) call GitHub CLI commands (e.g., bunx gh pr list, bunx gh release list, bunx gh run list) which fetch public PRs/releases and run data from GitHub — untrusted, user-generated content that the workflow reads and uses to decide release-related actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's prerequisites instruct running "curl https://mise.run | sh", which fetches and pipes a remote shell script to be executed at runtime (https://mise.run), so it is a direct remote-code-execution dependency and therefore risky.