github-codebase-briefing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and read public, user-generated GitHub content—e.g., via gh api repos/<owner/repo>/contents/, gh issue list, gh pr list, gh pr diff, and by reading README/package files and issue/PR bodies—and uses that content to drive analysis and recommended actions, which could allow indirect prompt injection from untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches repository files at runtime (e.g., via "gh api repos/<owner/repo>/contents/" and "gh repo view <owner/repo>") and injects that external GitHub content into the agent's analysis, so remote repository content directly controls prompts and is a required dependency.