github-project-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones arbitrary public GitHub repositories and uses tools like gh repo view, gh issue list, and direct file reads (README, package.json, tests, Issues/PRs), thereby ingesting untrusted, user-generated third‑party content from GitHub as part of its analysis workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly clones and runs arbitrary GitHub repositories at runtime (e.g., "git clone https://github.com/owner/repo.git" and example URLs like https://github.com/facebook/react), so fetched external code can be installed/run/tested by the agent and thus may execute remote code which the skill relies on.