get-qodo-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches repository-specific rules from the Qodo platform API (see references/pagination.md and the API URL based on ENVIRONMENT_NAME/app.qodo.ai, configured via ~/.qodo/config.json) and then prints and enforces those rule texts during code generation, so untrusted/user-authored rule content could materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime GET requests to the Qodo API (e.g., https://qodo-platform.staging.qodo.ai/rules/v1 via GET {API_URL}/rules?scopes=...) to fetch rules that are then injected into and directly control the agent's code-generation instructions, making this external content a required runtime dependency.