librarian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill (SKILL.md and the checkout.sh script) clones and fetches arbitrary public Git repositories (GitHub/GitLab/Bitbucket URLs provided by the user) and explicitly tells the agent to "use that path for searching, reading, and analysis," meaning untrusted, user-generated repository content can be ingested and influence agent actions.