gastown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to fetch and read files from the public GitHub repository (Resources section: "https://github.com/steveyegge/gastown" and "Use WebFetch to read specific files from the repo") and requires reading external reference files as part of its workflow, so untrusted third‑party content could influence commands and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly directs runtime installation and fetching of remote code via Go module paths (e.g., "go install github.com/steveyegge/gastown/cmd/gt@latest" and "go install github.com/steveyegge/beads/cmd/bd@latest", mapping to https://github.com/steveyegge/gastown and https://github.com/steveyegge/beads), which will download and execute remote code and are presented as required dependencies.