takt-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's built-in instructions explicitly instruct fetching and ingesting public, user-generated content (e.g., references/takt/builtins/ja/facets/instructions/gather-review.md uses gh pr view / gh pr diff to pull GitHub PRs, and references/takt/builtins/ja/facets/instructions/research-dig.md allows downloading public datasets), which the agent is expected to read and use to drive analysis and decisions, exposing it to untrusted third‑party content.