pai-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and analyzes content from the public GitHub repository "github.com/danielmiessler/Personal_AI_Infrastructure" (README.md, CLAUDE.md, Packs/, releases, and recent commits), which is untrusted third-party/user-generated content that the agent will read and interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to fetch files (e.g., README.md and CLAUDE.md) from https://github.com/danielmiessler/Personal_AI_Infrastructure and use them to drive analysis and agent behavior, meaning remote repository content would directly influence prompts/instructions during execution.