about-oracle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflows for --stats and --family explicitly run commands (e.g., gh issue view ..., gh repo list ..., and a fleet-scan script) to fetch live GitHub issue/repo data (public, user-generated content) and instruct the agent to read and incorporate that content into the generated output, so untrusted third‑party text can influence the agent's behavior and produced decisions/narrative.