open-source-contributions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The pr-prepare agent explicitly reads and interprets target-project files (e.g., the "cat CONTRIBUTING.md" and "cat .github/CONTRIBUTING.md" steps in agents/pr-prepare.md) and uses those untrusted, user-maintained repository documents to extract required checks and drive subsequent actions (lint/test/commit/PR behavior), so third-party repo content can materially influence the agent's decisions.