readme-wizard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scan script (scripts/scan_project.sh) explicitly calls the GitHub API and curls the repository's homepage ("HOMEPAGE") to crawl and parse external homepage content for social links (HOMEPAGE_CONTENT), so it fetches and interprets arbitrary public third-party webpages which are then used to influence README generation.