ida-domain-scripting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's setup and workflow explicitly fetch and clone the public ida-domain repository from GitHub (see setup.py's git clone and get_latest_release_tag calls and SKILL.md's "This clones ida-domain from GitHub"), and that third‑party code is installed/executed and can therefore materially change runtime behavior and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). High-confidence: setup.py runs at runtime and clones/installs remote code from the repository URL https://github.com/HexRaysSA/ida-domain.git (and queries https://api.github.com/repos/HexRaysSA/ida-domain/releases/latest to pick a ref), so fetched content is required and will be executed/installed on the host.