tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and parses public third‑party content as part of its required workflows—it clones upstream repos like openai/skills and anthropics/skills per references/openai-skill-benchmark.md and scripts/openai_skill_benchmark.py, and it fetches skills.sh API results in scripts/postgres_best_practices_snapshot.sh—then reads and interprets those SKILL.md/API artifacts to generate proposals and per-skill decisions, so untrusted user-generated content can materially influence actions.