dig

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly clones and explores arbitrary public GitHub repositories (git clone https://github.com/{owner}/{repo}.git into /tmp/cc-repos/{repo-name}) and runs a Research/Explore agent to read README, docs, and source files, so it ingests untrusted third-party content from public repos.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill performs a runtime git clone of external repositories (e.g., https://github.com/{owner}/{repo}.git), then has a Research agent traverse that fetched repository to construct prompts/answers—so external content directly controls agent behavior.