github-research

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly discovers and ingests untrusted, user-generated content from public web sources: GitHub (search via gh API, repo_readme_fetch.py, clone_repo.py, and the Phase 2/Phase 4 steps in SKILL.md) and Papers With Code (search_paperswithcode.py). The agent is required to read and interpret those READMEs and cloned source files to score, rank, and drive integration actions, so third-party content can materially influence tool use and next steps.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 06:21 AM