solo-github-outreach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated GitHub content (README and Cargo.toml via gh api in SKILL.md "Step 2: Read README" and scripts/evaluate.py's gh_content), and the agent is expected to read/interpret that content to score repos and draft personalized issue text, so untrusted third-party content can materially influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes GitHub API endpoints at runtime (e.g., via "gh api repos/{owner}/{repo}/contents/README.md" and "gh api repos/{owner}/{repo}") and may git-clone repositories (git clone --depth 1 {url}); the fetched README/Cargo.toml and repo contents are injected into the evaluation/drafting flow and therefore directly influence generated issue prompts, meeting the criteria for a runtime external content dependency.