skill-contributor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call get_file_contents on the public timescale/marketing-skills repo and to read and apply those fetched files (Step 1/Step 2 Path A), meaning it ingests public, user-authored GitHub content as part of its workflow which could influence commits/PR actions and enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime GitHub fetches (e.g., get_file_contents against the timescale/marketing-skills repo — https://github.com/timescale/marketing-skills) to load repo file contents which are then injected/used to construct and push PR content, so external repo content can directly influence the agent's outputs.