gh-aw-adoption

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and adoption prompt explicitly instruct the agent to fetch and read markdown workflow files from the public github/gh-aw repository (e.g., "gh api repos/github/gh-aw/contents/.github/workflows" in Phase 1 and the Generic Adoption Prompt and coordinator scripts), and then parse/adapt those files to create and commit workflows—i.e., untrusted third-party content is ingested and directly influences subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime fetches from the gh-aw repository (e.g., via "gh api repos/github/gh-aw/contents/.github/workflows/.md" and referenced at https://github.com/github/gh-aw), which loads remote markdown workflow prompts and definitions that are injected/used to drive agent instructions and workflow creation, making this a required runtime external dependency that directly controls agent behavior.