trash-truck

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires cloning/entering a target repo (SKILL.md "Clone or enter the target repo") and its mandatory pre-scan.sh inspects tracked files via git/rg/AST, so the agent will ingest and act on arbitrary public/user-generated repository content (reading code, comments, and docs) which can materially influence verification and PR creation.