reference-seek

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs GitHub searches (gh api), fetches raw files from public repos (raw.githubusercontent.com), and performs WebSearch to ingest public blogs/tutorials, and it requires the agent to read and analyze that untrusted third-party content to drive repository selection, deep-dive analysis, and actionable recommendations.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches repository source files at runtime via curl to raw GitHub URLs (https://raw.githubusercontent.com/{owner}/{repo}/{default_branch}/{path}), and those fetched files are injected into the agent's analysis/prompt context as a required dependency for the repo deep-dive, so remote content can directly control the agent's prompts.