analyze-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and reads arbitrary public GitHub repositories (Step 0), performs web searches to locate repos when only keywords are provided (Branch C), and scans user-generated content like Issues/Discussions/Release Notes in Step 1 ("Community signal scanning"), so it ingests untrusted third‑party content that can materially influence its analysis and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly clones and reads user-supplied GitHub repositories at runtime (e.g., via REPO_URL like https://github.com// using gh repo clone / git clone --depth=1 "$REPO_URL"), and then ingests those repository files to drive its analysis/output, meaning external content fetched at runtime directly controls the agent's prompts/context.