inno-code-survey

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly searches and clones public GitHub repositories via scripts/github_search_clone.py / the GitHub API (Phase A) and then instructs the Code Survey Agent to read README.md and source files under Experiment/code_references/ and use that code to drive mapping and implementation decisions (Phase B), meaning untrusted third‑party content is ingested and can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes GitHub at runtime (e.g., https://api.github.com/search/repositories and cloning repositories like https://github.com/user/repo.git) to fetch external repository code which is then read and injected into the agent's prompts/reports, so remote content fetched during execution can directly influence agent instructions and outputs.