new

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts and configures arbitrary public GitHub repositories (e.g., "deploy from github.com/user/repo" and the EnvironmentConfig "source.repo" field), meaning the agent can ingest and act on untrusted, user-generated content from the open web.