retro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs git fetch and many git log queries against origin/ (see "Step 1: Gather Raw Data" and global discovery steps) and parses commit messages, PR numbers, and repo contents from remote repositories—user-generated, potentially public third-party data—which the agent reads and uses to drive analysis and recommendations.