code-necromancer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and scripts (e.g., SKILL.md commands like "gh repo list ORG ..." and scripts/scan-repos.sh plus scripts/analyze-repo.sh) explicitly fetch and ingest arbitrary GitHub organization repositories and their contents (public/user-generated code and READMEs), which the agent is expected to read and use to drive analysis and subsequent actions—exposing it to untrusted third-party content that could inject instructions indirectly.