skill-domain-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 3 "Deep read" explicitly requires reading and extracting content from public GitHub issues and discussions ("GitHub issues and discussions — this is one of the highest-yield sources" and "Use gh search issues and gh search prs (or the GitHub web search UI) against the library's repo"), which are untrusted, user-generated third-party sources that the agent must interpret and that can materially influence failure-mode findings and subsequent actions.