teardown-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content (e.g., README and source files via GitHub raw URLs in Step 3, scanning Issues/Discussions/Release Notes in Step 4, and scraping public posts on HackerNews/Reddit and other web sources in Step 2) as required parts of its teardown workflow, so untrusted third-party content can directly influence its analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches repository files at runtime via GitHub/raw URLs (e.g., https://raw.githubusercontent.com/ and the user-provided https://github.com/... repo URLs) to inject source files into the agent context for analysis, which directly controls the model's input/prompting and is a required dependency for the teardown.