github-repo-curator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires "Full repo access" and instructs the agent to "audit all repositories" and make visibility/pinning decisions (see references/workflow-integration.md and the Repository Audit Checklist/Phase 1: Audit in SKILL.md), which means it will read user-generated public/private GitHub content and use that content to drive actions and decisions—exposing the agent to untrusted third-party content that could inject instructions indirectly.