github-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (e.g., scripts/publish_issues.ps1) call gh commands like "gh issue list --repo ..." and "gh project item-list ..." to fetch GitHub issues and project items (user-generated, potentially public content) and then parse that content to decide whether to create, update, close, archive issues and sync project dates, so third‑party content can materially influence actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill primarily performs GitHub/remote operations and user-level file moves, so it does not request sudo, edit system files, or create users, but it does instruct using "powershell -ExecutionPolicy Bypass" which explicitly bypasses a local security mechanism, so there is a small but non-zero risk.