neo-team-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's PR Review workflow (references/workflows.md / SKILL.md) explicitly accepts PR/MR diffs provided by gitlab/gh CLI (user-contributed, public repository content) which the orchestrator and specialist agents (code-reviewer, security, QA) are required to read and act on, exposing the agent to untrusted, user-generated third-party content that can influence tooling and next actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt mandates spawning "general-purpose" agents with full toolsets (bash/edit/command execution) for live system investigation and implementation, enabling arbitrary state-modifying actions (including potential privileged changes) and imposes no clear restrictions on modifying system-level files or using sudo, so it presents a high risk of compromising machine state.