printing-press-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and reads the public GitHub repository (https://github.com/mvanhorn/printing-press-library) and uses gh/git commands (git clone, gh pr list, reading manifests/README/.manuscripts and PR metadata) as required workflow steps to determine collisions, branch names, and PR behavior, so it ingests untrusted, user-generated third-party content that can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clones and uses the external repo https://github.com/mvanhorn/printing-press-library at runtime (via git clone / gh repo fork) and then may execute code from that clone (e.g., go run ./tools/generate-skills/main.go and other go run calls), so fetched content can directly execute code in the runtime.