verify-fix

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches a user-provided GitHub issue URL (SKILL.md "Fetch the issue") and ingests user-generated reproduction steps from that public issue to drive builds and runtime actions, so untrusted third-party content can directly influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches a user-provided GitHub issue URL at runtime (e.g., https://github.com/owner/repo/issues/123) and extracts reproduction steps that directly control the agent's build-and-execute actions, so the fetched content can control prompts/instructions and executed code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs the agent to create a report at "/.ai/fix-verification-report.md" (a root-level path), which modifies the system filesystem and likely requires elevated privileges, so it pushes the agent to change the machine state.