github-multi-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly fetches and reads code and documentation from GitHub (e.g., gh search repos "language:javascript...", gh api repos/:owner/:repo$contents$... and gh repo clone org/$repo to pull package.json and CLAUDE.md), which are public/user-generated third-party sources that the agent ingests and interprets as part of its workflow, exposing it to potential indirect prompt injection.