software-tool-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to analyze GitHub and other repositories (see SKILL.md and README) and to read files like README, package.json and docs using tools such as read_file, list_dir and grep_search, so it will ingest and interpret untrusted, user-generated repository content from public third-party sources.