code-tour

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to "Fetch one when you need a working example" from public GitHub (see "Real-world .tour files on GitHub" and the GitHub search/raw.githubusercontent.com tips) and scripts/generate_from_docs.py extract external links from READMEs into uri steps, so the agent will ingest untrusted, user-generated web content and user-provided URLs that can materially influence generated tour steps/commands.