content-security-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and scans external SKILL.md/agent/workflow content fetched from public sources (e.g., "gh api", "WebFetch", "git clone" as described in the SKILL.md "When to Use" and the invocation examples, and enforced by scripts/main.cjs' --source-url/--content/--file flow), so untrusted, user-provided web/GitHub content is read and used to make PASS/FAIL decisions that influence subsequent tool use and incorporation—creating a clear path for indirect prompt injection if malicious content is fetched.