existing-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to clone and analyze arbitrary repositories (e.g., "git clone [frontend-repo]" / repo analysis commands) and to install pre-commit hooks from public GitHub URLs (see .pre-commit-config.yaml entries like https://github.com/astral-sh/ruff-pre-commit), so it clearly fetches and ingests untrusted public third-party content that the agent will read.