github
Warn
Audited by Snyk on Mar 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs fetching GitHub issue/PR bodies and comments via commands like "gh issue view ... --json title,body,comments" and "gh api repos/OWNER/REPO/issues/NUMBER/comments" which ingest user-generated, potentially public GitHub content that the agent is expected to read and that can influence subsequent comments or actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs installing a GitHub-hosted extension with "gh extension install agbiotech/gh-sub-issue" (https://github.com/agbiotech/gh-sub-issue), which fetches and installs remote code that would be executed at runtime and is required for the sub-issue functionality.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).