building-github-index

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/github_index.py and scripts/pk_index.py) explicitly fetch repository tarballs from the public GitHub API (https://api.github.com/repos/{owner}/{repo}/tarball/{branch}) and parse untrusted, user-generated repo content (frontmatter, headings, notebooks, code symbols) into indexes that the agent uses for retrieval and decision-making, which could allow indirect prompt injection.