github-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from GitHub and Papers With Code (see search_github.py, repo_readme_fetch.py, clone_repo.py, search_paperswithcode.py and the Phase 2–4 workflow) and requires the agent to read and act on that content (scoring, ranking, deep code reading, and building integration blueprints), so untrusted third‑party pages could indirectly inject instructions affecting tool use and decisions.