vibe-manifest-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The AGENTS.md template (included by the skill and generated as part of its workflow) explicitly instructs using the gh CLI and a "ci-watcher" to read GitHub PRs/issues/checks (public, user-generated content), which the agent is expected to read and use to decide actions like merging or launching subagents, so untrusted third‑party content can materially influence behavior.