symmetric-dogfooding

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Implementation Guide Phase 2 and the mise.toml tasks in SKILL.md) explicitly instructs fetching and importing partner repos from public GitHub URLs (e.g., [tool.uv.sources] git = "https://github.com/org/repo-b") and running validate:symmetric (uv sync + pytest), so the agent/CI will ingest and act on untrusted, user-published repository code and real external data, which can materially change test outcomes and release decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill declares git dependencies that are fetched and imported as part of the symmetric validation run (e.g., https://github.com/org/repo-b and the concrete example https://github.com/terrylica/rangebar-py), and the integration tests invoke code from those repos at runtime, so remote code would be executed as a required dependency.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 11:03 PM