gitleaks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow instructs scanning arbitrary source repositories (e.g., "gitleaks detect --source /path/to/repo") and includes a CI example that checks out code from GitHub (actions/checkout), meaning it will ingest untrusted, user-generated repository content which the agent is expected to read and whose findings can change actions (fail CI, remediation steps).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The prompt includes installation instructions that use sudo (e.g., sudo mv to /usr/local/bin), which instructs obtaining elevated privileges and modifying system-level files, so it risks changing the machine state.