codebase-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and intake docs explicitly include a "hosted-search" packet and mention using remote/browser-first tools (e.g., GitHub/GitLab hosted search and PR archaeology), which requires fetching and reading user-generated content from public repos/PRs that the agent would interpret as part of its workflow.