github-project-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests user-generated GitHub content (issues, comments, project boards) via gh CLI and ruv-swarm commands (e.g., "gh issue view", "gh issue list", "gh project item-list" and "npx ruv-swarm ... --issue") and then interprets that content to make decisions and perform actions such as labeling, closing, or triggering workflows.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill repeatedly invokes remote packages/actions at runtime (e.g., npx ruv-swarm, npx claude-flow, and the GitHub Action ruvnet/swarm-action) which fetch and execute code from repositories such as https://github.com/ruvnet/ruv-swarm and https://github.com/ruvnet/claude-flow and can directly control swarm agent prompts/behavior, so these are runtime external dependencies that pose risk.