repository-module-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The module clearly ingests untrusted, user-controlled repository content — e.g., ServiceScmResource.getFileContent, RepositoryPacService.syncYamlPipeline (PAC reading YAML from repos), OAuth callback handling and stored webhook requests (T_REPOSITORY_WEBHOOK_REQUEST) — meaning arbitrary public or user-provided repo files and webhook payloads are read and interpreted as part of its workflow.