git-hooks-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs installing pre-commit hooks that pull and run code from public GitHub repos (e.g., the .pre-commit-config.yaml entries like https://github.com/pre-commit/pre-commit-hooks and other repo URLs), which means the agent’s workflow will fetch and execute untrusted third‑party content described in the required steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The .pre-commit-config.yaml in the skill explicitly references external GitHub repos (e.g. https://github.com/pre-commit/pre-commit-hooks, https://github.com/psf/black, https://github.com/astral-sh/ruff-pre-commit, https://github.com/shellcheck-py/shellcheck-py, https://github.com/compilerla/conventional-pre-commit) which are fetched by pre-commit at install/run time and therefore pull and execute remote code as required dependencies.