character

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly allows loading and reading repository files from external sources (e.g., "player: home: github:donhopkins/characters/don.yml" and examples like "party: review @central/tools/edgebox/scripts/ingest.py"), so the agent can fetch and interpret arbitrary third‑party repository content (public GitHub or other repos), exposing it to untrusted user-generated data and indirect prompt injection.