github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent fetching and proxying GitHub content (e.g., list-issues, get-pull-request, search-issues and the general membrane request proxy) from public/user-generated GitHub repos and issue/PR text, which the agent is expected to read and which can materially influence follow-up actions like commenting or merging.