github-topics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated GitHub content (repo listings via src/github_fetcher.py and README contents via src/readme_fetcher.py, including raw files from raw.githubusercontent.com), so the agent will read untrusted third‑party text that could carry indirect prompt injection.