warden

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports fetching "remote skills" from third-party GitHub repos via commands like warden add --remote <org>/<repo> (see references/creating-skills.md) and defines SKILL.md files as agent instructions ("Skills are markdown files that tell Warden what to look for") which can include allowed-tools (e.g., WebFetch, WebSearch, Bash), so untrusted repo content would be read and could change agent behavior.