oss-code-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly requires browsing and reading public GitHub content (see "Step 2 – Repository Structure Exploration" and the "Only fetch URLs from the following allowed domains: github.com, raw.githubusercontent.com, api.github.com" guidance), meaning the agent will fetch and interpret untrusted, user-generated third-party repository content as part of its workflow and use those findings to drive analysis and recommendations, which enables indirect prompt injection risk.