idea-coach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's CLI and SKILL.md show explicit GitHub integration and the runtime script (scripts/coach.py — functions like run_gh_command/get_repo_info/get_repo_commits/link_repo/get_repo_status/sync_as_issue) fetches repository metadata and commit data from arbitrary public GitHub repos (user-generated, untrusted) and uses that data in workflows such as linking, status checks, and syncing issues, which could allow indirect prompt-injection via repo descriptions/commit messages influencing behavior.