search-and-fork

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill uses the search_open_source_repositories tool to fetch public Gitee repositories and explicitly instructs the agent (SKILL.md Steps 2–3) to read/evaluate README, license, activity, and other repo content — untrusted, user-generated content that can materially influence which repo is chosen and what actions the agent takes, so it could enable indirect prompt injection.