rfc-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly requires using octocode MCP tools (e.g., githubSearchRepositories, githubSearchCode, githubGetFileContent, githubSearchPullRequests) to fetch and read public GitHub repos/PRs as part of Phase 3 research, so untrusted, user-generated web content from GitHub will be ingested and used to drive decisions in the RFC workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill mandatorily requires an octocode MCP server (https://github.com/nicepkg/octocode) at runtime to fetch GitHub source files which are read and injected into the agent's context to drive research prompts and RFC content, so this external repository directly controls agent behavior and is a required runtime dependency.