github-code-interpreter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires the agent to ingest and analyze public GitHub repositories provided by a user (see SKILL.md "定位仓库" and "阅读与分析") and the script scripts/bootstrap_github_analysis.py parses GitHub URLs and reads repository files (and scripts/review.sh performs git fetch), so untrusted, user-generated content from GitHub is read and can materially influence the agent's outputs and actions.