open-source-contributions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The pr-prepare agent explicitly reads and interprets repository files (e.g., it runs "cat CONTRIBUTING.md", "cat .github/CONTRIBUTING.md", "cat CODE_OF_CONDUCT.md", and inspects repo files via git ls-files in scripts/pre-pr-check.sh), which means it ingests user-provided / public project content (untrusted third-party material) as part of its workflow and could be influenced by malicious instructions in those files.