markdown-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's GitHub Cards feature (::github{repo="owner/repo"}) explicitly "fetches repo info via API" and will ingest and render public, user-generated GitHub content (descriptions/README) as part of the markdown pipeline, exposing the agent to untrusted third-party content.