delivery-reporting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Gate 2 "Repository Analysis" and mandatory Gate 2.5 "Deep Code Analysis" explicitly instruct the agent to fetch and read public Git/GitHub content (e.g., "gh release list", "gh pr list", README.md, "Read code diff") — untrusted, user-generated third‑party data that the agent must interpret and use to drive analysis and decisions.