report-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md integration examples (see "Integration with Agents" and "Code Agent (GitHub Reports)" lines showing github.get_commits(days=1) and agent tasks to "Get yesterday's commits") indicate it ingests GitHub/agent-gathered data (user-generated, third‑party content) into the report workflow and then uses that content in downstream tasks, so untrusted external content could influence actions.