skills-factory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and the Frontmatter Decision Guide explicitly allow "Dynamic Context Injection" that runs shell commands like !gh issue list --limit 10 and !gh pr list --limit 5 (see FRONTMATTER_DECISION_GUIDE.md / "Dynamic Data" examples), which injects live GitHub/third-party content into the skill before Claude sees it and the skill then uses that content to drive decisions and actions—exposing the agent to untrusted, user-generated web content that can influence tool use.