detect-project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and parses public GitHub repository contents using the github-mcp-server APIs (mcp_github_get_file_contents and fetch_mcp_resource in "Scenario B: Remote Git URL Provided" of SKILL.md), and those untrusted, user-created files are used to detect language/framework and to drive downstream actions (image selection, invoking /recommend-image or /s2i-build), so third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs using the github MCP at runtime (e.g., mcp_github_get_file_contents(owner, repo, path="/") and fetch_mcp_resource using URIs like repo://{owner}/{repo}/contents/{file-path} or https://github.com/...) to read repository files and inject them into the agent's analysis, so remote repo content can directly control prompts/instructions.