oma-dev-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required release workflows (e.g., tasks.release:check and tasks.release:verify in resources/release-coordination.md and SKILL.md) explicitly run GitHub CLI commands (bunx gh pr list, gh release list/view) that fetch PRs/releases from GitHub (public, user-generated content) and the outputs are read/used to make release decisions, so untrusted third-party content can influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's prerequisites explicitly instruct running "curl https://mise.run | sh", which fetches and immediately executes remote code during setup and is a required dependency for the skill (mise), so this is a runtime external URL that executes remote code.