github-project-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly fetches and ingests user-generated GitHub content (e.g., gh issue view ... --json body,comments and ISSUE=$(gh issue view $num --json ...) passed to npx ruv-swarm github analyze-stale --issue "$ISSUE" --suggest-action) and then uses that analysis to drive actions (comments, labels, close), so untrusted third-party content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly runs npx to fetch and execute remote packages that orchestrate agents (e.g., ruv-swarm and claude-flow — https://github.com/ruvnet/ruv-swarm and https://github.com/ruvnet/claude-flow), which are fetched at runtime, execute code locally, and directly control agent orchestration/prompts.