repo-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses third-party, user-generated repository content via the GitHub API (e.g., fetching workflow files at repos/{repo}/contents/.github/workflows, PR lists, branch/commit metadata) and uses that content to drive decisions and automated fixes (flagging unpinned actions, removing --config auto, enabling settings), so untrusted repo content can materially influence agent actions.