project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests content from public GitHub (e.g., scripts/learn.ts and scripts/incubate.ts call "ghq get" to clone/update arbitrary repos, scripts/reunion.ts scans repo directories and writes manifests, and scripts/index.ts loads and extracts from those manifests), meaning untrusted user-generated repository files can be read and indexed and thus could influence the agent's actions or knowledge.