codebase

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and syncs repositories from URLs listed in repo.yaml (see SKILL.md and references/implementation.md) and its /codebase analyze and worktree/sync-deps flows read and act on those repository files, so arbitrary third-party repo content is ingested and can influence analysis, installs, or PR actions.