qa-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Day 1 onboarding and master prompt explicitly instruct cloning/using external repositories (git clone ) and tell the LLM to read and act on files in tests/docs (e.g., test specs, package.json) from those repositories, so the agent will fetch and interpret untrusted public content (arbitrary repo URLs/GitHub installs) that can materially alter actions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's autonomous workflow instructs runtime cloning of a remote repository (e.g., "git clone https://github.com/your-org/project.git" / "git clone ") and then reading/executing the fetched tests/docs and install scripts, so remote content would directly control the agent's prompts and execute code.