issue-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse public, user-generated GitHub issues (Step 2: using the gh CLI and a WebFetch fallback with the prompt "Extract GitHub issues from this search page..."), so the agent will ingest untrusted third‑party content and use it to determine which issues to surface.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's WebFetch fallback explicitly fetches GitHub search pages (https://github.com///issues?q=) at runtime and feeds the fetched page into the agent with a WebFetch prompt to extract issues, meaning remote content is injected into and directly controls the agent's input.