github-harvester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests public, user-generated GitHub content (e.g., README, docs, issues, discussions, and release notes via gh CLI / PyGithub methods like get_readme, get_issues, get_discussions) into the agent's RAG pipeline, exposing the agent to untrusted third-party content that could contain indirect prompt injections.