context7

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to search and read public GitHub issues, pull requests, and discussions (e.g., "Read discussion" and "Check PR for code changes"), which are untrusted, user-generated third-party contents that the agent uses to make decisions and perform follow-up actions.