qa-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs fetching and inspecting external repositories and packages (e.g., "git clone " in references/day1_onboarding.md and the test case "TC-CLI-001: Install Skill from GitHub Repository" which reads the installed package.json), so the agent would fetch and interpret untrusted, public third-party content as part of its workflow.