Ark Setup
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's Step 1 explicitly allows cloning a user-provided GitHub repo ("If the user provided an org/repo, use that" and git clone ...), and the workflow builds and runs code from that repository (ark-cli), so it ingests and acts on arbitrary public/user-generated content from third-party sources.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill clones and uses code from git@github.com:mckinsey/agents-at-scale-ark.git at runtime (git clone ... then build and run node tools/ark-cli/dist/index.js), which fetches and executes remote code from that repository, making it a required runtime dependency that can control execution.