netresearch-branding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's checkpoints (llm_reviews, e.g. NB-20) explicitly instruct fetching and inspecting public GitHub repository metadata via "gh api repos/{owner}/{repo}" (and references to public sites like bestpractices.dev/securityscorecards) so the agent will ingest untrusted, user-controlled web content and use it to drive pass/fail decisions and actions.