automated-assessment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and evaluates arbitrary repository content and GitHub data as part of its required workflow (scripts/run-checkpoints.sh operates on a given project root and the Agent Prompt Template in references/checkpoint-workflow.md spawns LLM domain agents to review repository files and gh_api/GitHub interactions), so untrusted, user-generated third‑party content can be ingested and materially influence agent decisions and follow-up actions.