github-code-interpreter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the user to provide a GitHub repository URL and then reads and analyzes untrusted, public repository content (README, source files, tests) as part of its mandatory "阅读与分析" workflow and via scripts/bootstrap_github_analysis.py which parses GitHub URLs and reads the repo, so third-party repo content can influence analysis and generated actions.