github-issue-dedupe
Detect duplicate GitHub issues using semantic search and keyword matching. Use when asked to find duplicates, check for similar issues, or set up automated duplicate detection.
88
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Security
3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 1.00). The workflow and skill explicitly embed and transmit repository secrets and full issue content to an external agent (warp-agent), including interpolating and exporting GITHUB_TOKEN into the agent prompt, which enables credential exfiltration and remote control of the repository—this is a high-risk intentional data-exfiltration/backdoor pattern.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and interprets user-generated GitHub issue content (e.g., "gh issue view <number>" in SKILL.md and the GitHub Actions payload `${{ github.event.issue.body }}` in README.md), and uses that content to decide whether to post comments, so untrusted third-party text can influence agent actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 1.00). The workflow invokes the external GitHub Action warpdotdev/warp-agent-action@v1 (and passes skill_spec "warpdotdev/oz-skills:github-issue-dedupe"), which is fetched and executed at runtime and is used to load external skill content that directly controls agent prompts/instructions.
- Repository
- warpdotdev/oz-skills
- Commit
2ca570e
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.