Authentication and Credentials for Agentic Workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows explicitly fetch and process user-generated GitHub content (for example .github/workflows/agent-pr-review.yml invoking scripts/agents/pr-reviewer.js and code using octokit.pulls.get to read PRs/issues), meaning the agent ingests untrusted third‑party content (PRs/issues) that can directly influence its decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill config runs an external MCP server via npx ("@modelcontextprotocol/server-github") and calls the external MCP endpoint https://api.githubcopilot.com/mcp/insiders at runtime, which fetches and executes remote code and can directly influence agent context/prompts.