github-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks users for a GitHub URL and instructs the agent to "Clone or fetch the repository" (e.g., using gh repo clone / git clone) and then reads README, docs, and source files—thereby ingesting arbitrary public, user-generated GitHub content.