coding-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow's Step 1 explicitly shows cloning a repository (git clone ) into the workspace and then instructs the agent to read and use those workspace files to generate coding prompts and requests to the Manager, meaning public/untrusted repo content can be ingested and directly influence subsequent tool use and actions.