integration-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 0.3 "Off-band — GitHub/GitLab search" workflow in SKILL.md explicitly searches for and auto-clones third-party GitHub/GitLab repositories and then reads their code/docs to drive discovery, analysis, and automated planning, which means untrusted, user-generated web content is fetched and directly influences tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill auto-searches and auto-clones GitHub repositories at runtime (e.g., via "gh repo clone "{org}/{repo-name}"" / https://github.com/{org}/{repo-name}.git), and those fetched repo contents are then ingested and used to control the agent's analysis/prompting, so this is a runtime external dependency that can directly affect prompts.