workbench-mirage-vfs-tool

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires reading "the current upstream Mirage release or package metadata" and "the issue, PR, repo, or runtime surface that will consume the mounted files," which are untrusted public third‑party sources whose content the agent will interpret to decide installs, mounts, and actions.