implementing-github-advanced-security-for-code-scanning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime scripts (scripts/process.py and scripts/agent.py) and the SKILL.md explicitly fetch and ingest GitHub data (e.g., api.github.com endpoints and gh api /repos/.../code-scanning/alerts, secret-scanning, Dependabot, and SARIF uploads), which are untrusted/user-generated third‑party contents that the agent reads and uses to drive triage, gating, and reporting decisions—creating a clear avenue for indirect prompt injection.