run-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and runs agents from arbitrary git repositories using -r (e.g., https://github.com/user/agent) and auto-detects/reads repo files such as .gitagent_adapter, CLAUDE.md, and .cursorrules to configure/run the agent, so untrusted public repository content can inject instructions that materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches and runs remote git repositories at runtime (e.g., https://github.com/user/agent), auto-detecting files like CLAUDE.md and .gitagent_adapter from the repo which can directly control system prompts and potentially include executable agent code, so the external repo URL is a runtime dependency that can control the agent.