github-stars-organizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly opens and reads the user's public GitHub Stars page and per-repository list endpoints (see SKILL.md Primary Workflow steps 1–5 and GitHub-Specific Notes referencing /<owner>/<repo>/lists), ingesting user-generated repo names/descriptions and list metadata which the agent uses to decide list creation and assignment and thus could be influenced by untrusted third-party content.