github-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on GitHub user-generated content (e.g., "gh pr view ... --json files | npx ruv-swarm actions pr-validate", "gh run view --json ... | npx ruv-swarm actions analyze-failure", and "gh run download " pipelines in SKILL.md), so untrusted third-party repo/PR/log data are parsed and can drive automated comments, issue creation, fixes, or deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes npx/npm to fetch and execute the ruvnet packages that it depends on (e.g., https://github.com/ruvnet/ruv-swarm and https://github.com/ruvnet/claude-flow), which are fetched at runtime and can execute remote code and control agent behavior.