github-profile-rules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated GitHub content (e.g., Phase 1: "python3 scripts/github-api-fetcher.py repos", Phase 2: "sample-files", and Phase 3: "pr-reviews" in SKILL.md) and uses those READ/PR/comment contents to derive rules that materially influence subsequent decisions and outputs, so it exposes the agent to untrusted third-party content.