planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to fetch and analyze content from public third-party sources—e.g., GitHub repositories, pull requests/issues via the gh command and repomix --remote , and external documentation via docs-seeker—which are untrusted/user-generated and are read/interpreted as part of the planning workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Research & Analysis phase includes a runtime command example that fetches a remote GitHub repository (repomix --remote https://github.com/mrgoonie/human-mcp), which would pull external code/content into the agent's context and thus can directly control prompts/analysis.