auto-dev-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow is triggered by GitHub issues and issue comments (user-generated content) and optionally pulls/uses code from a public SKILLS_REPO (e.g., the claude-software-skills GitHub repo linked in the doc), so the agent will ingest and act on untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's recommended workflow uses a reusable GitHub Actions reference "uses: {SKILLS_REPO}/.github/workflows/auto-dev-reusable.yml@main" (e.g. resolving to https://github.com/miles990/claude-software-skills/.github/workflows/auto-dev-reusable.yml@main), which is fetched at runtime and will execute remote workflow code from that external repo and is relied on by the skill—constituting a runtime external dependency that executes remote code.