suggest-awesome-github-copilot-instructions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated, public content from the GitHub awesome-copilot repository (see "Process" step 1 and step 4, which require using #fetch and raw.githubusercontent.com URLs, and the "Requirements" that mandate the githubRepo/#fetch tools), and that remote content is read and used to decide which instructions to suggest or install—allowing third-party content to influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches copilot instruction files at runtime from the awesome-copilot repo (e.g., https://raw.githubusercontent.com/github/awesome-copilot/main/instructions/ and https://github.com/github/awesome-copilot/blob/main/docs/README.instructions.md), and those fetched files are external instruction content that would be injected/used to control agent prompts and are required for the skill's operation.