github-multi-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly fetch and clone GitHub repository content (e.g., gh api repos/.../contents/package.json, gh repo clone org/$repo, gh search repos ...) and read CLAUDE.md/package.json from other repositories, meaning the agent ingests untrusted, user-generated third-party repo content which is then used to drive decisions and actions like tests, commits, and PR creation.