tech-due-diligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to clone and read a GitHub repository URL ("When a user invokes this skill... a GitHub repository URL (which you should clone first)"), meaning it fetches and ingests arbitrary public/user-generated third‑party code that the agent will interpret and act on, enabling indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires cloning a user-supplied GitHub repository URL at runtime (e.g., git clone of https://github.com/... or git@github.com:org/repo.git) and injects the fetched codebase into the agent's analysis context, so remote content directly controls prompts and is a required runtime dependency.