agent-repo-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly runs public GitHub searches and uses WebFetch/mcp__github__search_repositories as part of its workflow (e.g., the ARCH_PATTERNS=$(Bash(gh search repos ...)) and mcp__github__search_repositories examples), meaning it fetches and interprets public, user-generated repository content that can materially influence its architecture decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes npx ruv-swarm in multiple runtime hooks and lists "ruv-swarm" as a dependency (fetched from the npm registry, e.g. https://registry.npmjs.org/ruv-swarm), which means remote code will be retrieved and executed at runtime and is required for the skill to operate.