devops-specialist
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The gh-bootstrap skill explicitly requires downloading and reading template repositories at runtime ("download at runtime ... git clone the template repository" and "templates must be downloaded" in the gh-bootstrap SKILL.md and phases docs). The agent will therefore fetch and parse public template files from third‑party repos and use their contents to generate CI/CD and config files; this is untrusted, user‑provided web content that can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). At runtime, the gh-bootstrap skill explicitly requires reading specs/template-catalog.md and running "git clone the template repository" (i.e., cloning the external git repository URLs referenced in specs/template-catalog.md) to download templates, which are then copied or instantiated and so directly control the generated configuration. The external git URLs listed in specs/template-catalog.md are therefore runtime dependencies that influence agent behavior.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata