gastown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly asks users to provide GitHub URLs and to add projects as rigs (see "Prerequisites" and the "Setup" example "Just give me a GitHub URL and we'll hook it up" plus the gt rig add workflow), which implies the agent will clone/read public GitHub repositories (untrusted, user-generated content) and act on that content as part of its workflow, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs automatic installation at runtime using go install on repository URLs (e.g., github.com/steveyegge/gastown/cmd/gt@latest and github.com/steveyegge/beads/cmd/bd@latest), which fetches remote code that is compiled/executed and is required for the skill to operate, so these URLs constitute runtime external dependencies that execute remote code.