searching-codebases

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and indexes public GitHub repositories (SKILL.md lists "GitHub URL" as a SOURCE and scripts/resolve.py's _resolve_github downloads tarballs), and its semantic TF-IDF and context code (scripts/code_rag.py, scripts/search.py, scripts/context.py) ingest docstrings, comments, and markdown from those untrusted, user-generated repos that directly influence search results and subsequent actions, creating a clear vector for indirect prompt injection.