kickoff

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "Fetch and Parse Issue" explicitly instructs the agent to run gh issue view to fetch GitHub issue content (public, user-generated) and then parse and use that content to drive planning and implementation decisions, which exposes the agent to untrusted third-party text that can influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches and parses GitHub issue content at runtime (via commands like "gh issue view " which correspond to URLs such as https://github.com///issues/), and it injects that issue body into the agent's context to drive prompts, so external GitHub issue URLs can directly control agent instructions.