github-gem-seeker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to "Search GitHub" and to screen repositories by reading READMEs and project metadata (Workflow steps 2–3 and Evaluation Heuristics), so the agent will fetch and interpret arbitrary public GitHub content that can influence its tool choices and actions.