octocode-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls public code and package sources (e.g., githubSearchCode and githubGetFileContent, packageSearch via POST /tools/call/:toolName) and its Phase 4 "Research Loop" in SKILL.md requires the agent to read tool responses' "hints" and follow them to decide next tool calls and actions, so untrusted, user-generated third‑party content from GitHub/npm/PyPI can materially influence behavior.