System

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes files from a public fork (pai-opencode) in Workflows/CrossRepoValidation.md (and runs SecretScanning/GitPush against the public repo), so it reads untrusted, user-generated repository content locally and uses those findings to drive decisions (block pushes, auto-fix, report), creating a clear avenue for indirect prompt injection via crafted repo content.