writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses config.md and will "clone or fetch GitHub repository" (Step 1) and then run the code-analyzer to read and interpret that repository, meaning it ingests untrusted, user-generated content from public GitHub as part of its workflow.