librarian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to "search public repositories" and "fetch source and read targeted files (README, package metadata, entry points)," which exposes it to untrusted public third‑party content that it must read and act on.