ak-plan
Fail
Audited by Snyk on May 9, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The GitHub issues URL (github.com/saltbo/agent-kanban/issues/new) is benign (an issue-creation page, not a download), but the other URL is redacted/obfuscated ("https://…") and cannot be assessed — unknown/shortened/hidden destinations are common vectors for distributing executables or redirects, so treat the pair as moderately suspicious overall.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and acts on user-generated repository and GitHub content (e.g., "Read CLAUDE.md, CONTRIBUTING.md, and recent git history" in Phase 1 and mandatory PR review steps using "gh pr view/gh pr diff" and visiting preview/staging URLs in Phase 4), so it ingests untrusted third-party content (repo files, PR bodies/diffs, and deployment pages) and uses that content to make decisions like rejecting/merging PRs and creating tasks.
Issues (2)
E005 (CRITICAL): Suspicious download URL detected in skill instructions.
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).