cli-agent-experience

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires cloning/fetching and reading public GitHub repositories ("Step 1: GitHub repo URL → Clone/fetch, read source") and parsing CLI outputs/source code ("Step 2: Read output formatting code", run sample commands), which are untrusted, user-generated third‑party contents that the agent must interpret and that can materially influence its decisions.