content-security-scan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and scans external content fetched from public web/GitHub sources (e.g., "After fetching external SKILL.md content via gh api or WebFetch" in SKILL.md and the CLI/scripts that accept --source-url and content), so it reads untrusted third‑party content which can contain indirect prompt-injection payloads that affect PASS/FAIL decisions and downstream actions.