code-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Prerequisites and Workflow explicitly require reading a cloned GitHub repository in the code/ directory (from context-ingestion) — including notebooks, scripts, and READMEs — and instruct the agent to analyze and act on that content to generate methods and drive follow-up actions, which exposes it to untrusted public/user-generated third-party content.