github-agentic-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly includes a Web MCP Server / web-fetch tool (Tool Configuration and MCP Architecture) and CLI commands like "gh aw add " which let the agent fetch and ingest arbitrary public web pages/URLs, meaning it will read untrusted third‑party/user‑generated content that can influence its decisions and subsequent tool actions.