PreCommit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interprets public, untrusted content (e.g., Workflows/AddHooks.md instructs curling https://raw.githubusercontent.com/.../.pre-commit-hooks.yaml, the .pre-commit-config examples reference many https://github.com/... repos, HookValidator.ts runs pre-commit try-repo to probe remote hooks, and PreCommitManager/CI steps run pre-commit install --install-hooks which downloads remote hook code), so the agent would ingest and act on arbitrary third-party repository content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CI workflow includes a runtime command that pipes a remote script to a shell — "curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash" — which downloads and executes remote code to install tflint (a required dependency for the terraform hooks), meeting the criteria for risky runtime remote code execution.