qodo-get-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches repository-specific rules from the Qodo platform API (e.g., https://qodo-platform.qodo.ai/rules/v1 as described in SKILL.md Step 4 and references/pagination.md) and then reads and applies those external rules to guide code generation and enforcement (Step 6), so untrusted third-party rule content could inject instructions that materially alter agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill performs runtime fetches from the Qodo API (e.g., https://qodo-platform.qodo.ai/rules/v1 and its environment variants) to load repository-specific "rules" that are then injected into and directly control code-generation instructions, and these remote rules are required for the skill to operate.