starduster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, user-generated GitHub content (repo descriptions and README texts via gh and saved to files like $WORK_DIR/stars-extracted.json and $WORK_DIR/readmes-batch-*.json) and delegates reading/analysis of those untrusted files to a synthesis sub-agent, so the agent consumes third-party content that could carry indirect prompt-injection payloads.