skill-from-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly directs the agent to search and read public GitHub projects (README, core source files, examples) — untrusted, user-generated content that the agent is expected to ingest and interpret — creating a risk of indirect prompt injection.