supply-chain-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and interprets content from GitHub (e.g., Phase 1 fallback running "gh pr list --author …" and Phase 4 / Important Notes instructing "gh api repos/{owner}/{repo}/git/ref/tags/{tag}") and parses repository/workflow/PR data (user-generated/untrusted) as part of its decision-making and PR-creation workflow, so remote third-party content can materially influence agent actions.