ln-913-community-debater

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's mandatory discovery steps read repository files and metadata from the target project (e.g., "docs/community_engagement_strategy.md" and repo categories/ids via the GitHub discovery protocol) and the agent is required to interpret those documents to decide whether a topic qualifies and how to compose/publish discussions, which exposes it to untrusted, user-authored repository content.