octocode-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly calls external, public sources (e.g., githubSearchCode and githubGetFileContent via POST /tools/call/:toolName as described in SKILL.md, README.md, and API docs) and its mandatory research workflow requires the agent to read tool responses, verbalize and "follow hints", letting untrusted GitHub/npm content drive subsequent tool use and decisions.