automate-github-issues

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). No direct obfuscated payloads or hidden network exfiltration were found, but this skill grants external AI sessions (Jules) full repository access, uses repository secrets (JULES_API_KEY, GITHUB_TOKEN), dispatches agents that can modify code and produce PRs, and includes scripts/workflows that can automatically create/merge PRs — together this creates a high supply-chain/backdoor/credential risk if agents or prompts are malicious or compromised.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches open, user-generated GitHub issues via scripts/github/issues.ts (Octokit) and feeds the resulting markdown into the Jules planner (scripts/fleet-plan.ts and scripts/prompts/analyze-issues.ts / bootstrap.ts), so the agent will read and act on untrusted third-party content.