ted-mosby

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and fetches repositories via the -r/--repo option (e.g., "ted-mosby generate -r https://github.com/user/repo" in Quick Start/Command Reference), meaning the agent will ingest arbitrary, user-generated code from GitHub and other public URLs which could contain untrusted content that enables indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime "ted-mosby generate -r https://github.com/user/repo" accepts and fetches an external GitHub repository URL (e.g., https://github.com/user/repo), and that fetched repository content is injected into the generation process/model context to drive prompts and outputs, so external content can directly control agent behavior.