dotagents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — the tool explicitly fetches and installs skills from open/public third‑party git sources (e.g., GitHub shorthand like "getsentry/skills", arbitrary git: URLs and HTTPS repos) during required workflows such as dotagents add/install/update and wildcard discovery (references/cli-reference.md and references/configuration.md), and those installed skills (and declared hooks/MCP configs) are then read/executed by agent tools, so untrusted repo content can materially influence tool behavior while the default trust config allows all sources.