github-codebase-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill performs semantic search and reads content directly from public GitHub repositories via the GitHub API (see SKILL.md and scripts/github-codebase-search.py), so it ingests untrusted, user-generated third-party content that the agent interprets to answer queries and could enable indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script can fall back to invoking "bunx @morphllm/morphmcp@latest" at runtime (see the command string "bunx @morphllm/morphmcp@latest"), which will fetch and execute remote package code that implements the morphmcp agent logic and thus directly controls prompts/behavior.