deal-with-security-advisory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read reporter-authored advisory text from GitHub via "gh api repos/paperclipai/paperclip/security-advisories/{{ghsaId}}" (Step 0), and that untrusted advisory description is required input that influences how fixes are developed and published.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues a runtime POST to the GitHub forks API (repos/paperclipai/paperclip/security-advisories/{{ghsaId}}/forks) and then instructs to git clone <clone_url_from_response> and run tests, which fetches remote repository code and leads to executing that code locally (i.e., remote code execution via the cloned repo).