ghostpatch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs "scan --live" to find and work on GitHub issues and surfaces "exact issue or PR text before posting" (SKILL.md), which means it fetches and interprets user-generated, public GitHub content that can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill falls back at runtime to fetching and executing remote code via "npx --yes @sambhram06/ghostpatch", which downloads and runs an external npm package as a required runtime fallback and therefore can execute remote code.