gastown-upstream-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and inspects a public upstream GitHub repository and PR data (e.g., git fetch upstream + git log origin/main..upstream/main and gh pr list --repo steveyegge/gastown ...) and then uses those commit/PR summaries to decide rebases, cherry-picks, and push actions, so untrusted third-party content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and rebuilds the upstream repository (e.g., git fetch upstream and later make install), so it will fetch and execute code from the upstream repo URL such as https://github.com/steveyegge/gastown.git (or git@github.com:steveyegge/gastown.git), which is a runtime external dependency that can run remote code.