wiki-llms-txt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly resolves a repository URL and inlines "ALL content derived from actual wiki pages" (see "Source Repository Resolution" steps and the llms-full.txt inlining rules / mention of GitHub MCP get_file_contents and search_code), meaning it fetches and reads untrusted, user-generated wiki pages and uses that content to generate files — which could allow indirect prompt injection.