qe-github-project-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows fetching GitHub issue bodies, comments and project items via gh issue view/list and gh project item-list and then passing that user-generated content into ruv-swarm commands for analysis/decomposition and automated actions (e.g., issue-decompose, analyze-stale), so untrusted third-party content is read and can directly drive tool decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly runs npx commands (e.g., npx ruv-swarm and npx claude-flow) which execute remote npm package code at runtime and the skill lists the corresponding repo https://github.com/ruvnet/ruv-swarm, so this external dependency is fetched-and-executed during runtime and is required for the skill to operate.