reverse-engineer-rpi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main workflow (scripts/reverse_engineer_rpi.py) accepts a --docs-sitemap-url and invokes scripts/fetch_url.py to fetch arbitrary https/file URLs (then parse with scripts/extract_sitemap_paths.sh and use the resulting docs-features to build the feature inventory/registry), so untrusted third-party sitemap pages are read and their content deterministically influences subsequent analysis and outputs.