devops-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and operates on the provided Git URL (Phase 1 and the Tier 2 Task prompt), meaning it fetches and reads arbitrary user-supplied/public repository contents which the agent uses to decide and perform multi-step code changes, exposing it to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires cloning the user-supplied Git URL (Pantheon SSH or GitHub HTTPS/SSH) at runtime and then installs Composer dependencies and applies repository changes, so the fetched repository content (from the provided git URL) can cause remote code to be executed and directly influence the agent's actions.