skill-as-a-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and examples show using a githubUrl/workspaceId to clone and analyze public GitHub repos (e.g., "githubUrl" in create_task and examples in README/references), so the agent will fetch and interpret arbitrary, user-generated third-party content from GitHub as part of its workflow.