github-repo-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly clones arbitrary GitHub repositories ("第二步：Clone 仓库" / git clone) and then reads and analyzes repository files (e.g., README, code) via scripts like scripts/repo_info.py and the analysis steps, which exposes the agent to untrusted, user-generated content from public third-party sources that can influence analysis and subsequent tool actions.