inno-prepare-resources

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the public GitHub Search API to collect repository names/descriptions (Step 2) and injects the concatenated, user-generated github_result into the Prepare Agent prompt (Step 4), so untrusted third‑party content can directly influence repo selection and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime GitHub API calls (GET https://api.github.com/search/repositories?q=<paper_title>&per_page=10&page=1) and injects the fetched repository search results directly into the Prepare Agent prompt, so external content can directly control the agent's instructions.