jcodemunch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports indexing and querying public GitHub repos via the documented index_repo(url) call in SKILL.md and then reads/returns source and README content through tools like search_symbols, get_symbol_source, and get_context_bundle, so untrusted, user-generated repo content can be interpreted and materially influence agent decisions.