trailofbits-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The semgrep skill explicitly requires including and using third-party community rulesets (e.g., "Trail of Bits, 0xdea, and Decurity" in semgrep-SKILL.md) and clones/consumes external repos/rulesets as part of the mandatory scan plan and Task spawning, so the agent will fetch and interpret untrusted, user-sourced rules that materially affect scanning decisions and follow-up actions.