code-explorer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and clones arbitrary public GitHub repositories (via ghq get / gh api) and queries public package registries (npm, PyPI, RubyGems, Crates.io) to read and analyze repository files and registry metadata, thereby ingesting untrusted, user-generated third‑party content that could contain indirect prompt injections.