github-research

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly performs external research against public third-party sources — e.g., Octocode MCP for GitHub repos, Bright Data / WebSearch and WebFetch for web docs and arbitrary URLs — and requires the agent to read, summarize, and pass those results into agent workflows, which exposes it to untrusted, user-generated web content that could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime web/tool fetches (e.g., WebFetch url="https://docs.{library}.com/getting-started" and MCP calls like mcp__octocode__packageSearch / mcp__brightdata__search_engine) whose fetched content is injected into agent prompts and thus directly controls agent instructions at runtime.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 10:41 AM