github-repo-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md workflow explicitly instructs using gh search and gh api to fetch and decode file contents from arbitrary GitHub repositories (steps 2–4), which are public, user-generated third-party sources that the agent is expected to read and summarize, allowing those files to materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill directly fetches arbitrary repository files at runtime via the GitHub API (e.g., gh api repos/OWNER/REPO/contents/ and the file's download_url fetched with curl -L), injecting that remote content into the agent's context to guide its responses, so the external URL(s) control prompts and are required.