self-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the skill to call GitHub APIs against the TEST_REPO (Tier B read-only tests and Tier C mutation tests) to fetch repository files, PRs, issues, comments, discussions and other user-generated content from GitHub, which the agent reads and uses to drive test decisions and follow-up actions.