gh-profile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs embedding and programmatically fetching content from open public sources — e.g., GitHub Actions blog feed ingestion (feed_list: "https://yourblog.com/feed.xml,https://medium.com/feed/@yourusername"), third‑party stat/badge endpoints (github-readme-stats.vercel.app, visitor-badge.laobi.icu, readme-typing-svg.herokuapp.com), and a Python script that fetches repo data from the public GitHub API — all of which pull untrusted/user-generated web content the agent would read or include in the README.