semgrep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly instructs fetching and using remote/community rule sources (e.g., the "Third-Party Rules" section: git clone https://github.com/trailofbits/semgrep-rules.git and semgrep scan --config https://example.com/custom-rules.yaml, plus registry usages like r/trailofbits), which causes the agent to ingest untrusted, user-generated third‑party content (rules) that directly affect scanning behavior and subsequent actions.