contribute-rule

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones and reads content from public GitHub repositories (e.g., the git clone https://github.com/.git step in Step 3) and then ingests files like add-rule.md, CLAUDE.md, and .claude/rules/ (Step 2/3) as required inputs, so untrusted third-party, user-generated content is interpreted and can materially influence subsequent actions such as rule creation and PR commands.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs a runtime git clone of https://github.com/.git (default TBSten/skills) and then reads /tmp/contribute-rule/.claude/skills/add-rule.md from that clone to drive how it constructs rules and prompts, so fetched repository content can directly control agent instructions.