symphony-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the public Linear API (see references/linear-graphql.md and setup steps using curl + $LINEAR_API_KEY) and then runs Symphony which dispatches autonomous agents that read ticket descriptions, comments, and attachments from user-generated Linear issues to decide actions (e.g., create PRs), exposing the agent to untrusted third-party content that can influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime fetching and use of remote repo content via "git clone https://github.com/odysseus0/symphony" (and npx skills add odysseus0/symphony), and that repository's WORKFLOW.md is copied in to provide the agent prompt/validation logic while the cloned code is built and executed, so the fetched content both controls agent prompts and executes remote code.