github-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the skill queries and reads GitHub code, repositories, issues, and PRs via the MCP "github" server (requires a GITHUB_PERSONAL_ACCESS_TOKEN), which ingests public, user-generated GitHub content that the agent will read and could contain instructions influencing its actions.