codeql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly instructs fetching and using public query repositories and packs (e.g., "Clone Standard Queries" with git clone https://github.com/github/codeql.git, "codeql pack download", and analyze commands that reference external/./custom-queries), meaning the agent will ingest and execute publicly hosted query/code from open third‑party sources which can materially influence analysis and subsequent actions.