github-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly call GitHub APIs (e.g., GITHUB_LIST_REPOSITORY_ISSUES, GITHUB_GET_A_PULL_REQUEST, GITHUB_GET_REPOSITORY_CONTENT, GITHUB_SEARCH_CODE in SKILL.md) to fetch and interpret user-generated, open/public repository content (issues, PRs, code, commits) which the agent uses to decide actions like merges, comments, and workflow dispatches, so untrusted third-party content could influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires adding and querying the external MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that directly determine the agent's tool prompts/behavior, making it a required external control point.