github-repo-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime (src/index.ts) runs the GitHub CLI ('gh repo list ') to fetch repository metadata (names, descriptions, pushedAt, etc.) from a GitHub organization — user-generated, public/untrusted content that is parsed by classifyRepos/auditRepoHygiene and can materially affect classification and reporting decisions.