github-kb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly uses the GitHub CLI to search and clone public repositories and instructs the agent to "Read README or key files to understand the project" (see "Cloning a New Repo to KB" and "Searching Repos" sections), which pulls untrusted, user-generated content from public GitHub that the agent must interpret as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill performs runtime cloning of arbitrary GitHub repositories (e.g., "git clone https://github.com//.git") and then reads README/key files to generate project descriptions, so fetched remote content can directly influence the agent's prompts/responses.