yaml-pipeline-transfer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses YAML from arbitrary code repositories (e.g., PacService.syncFromRepo and autoSync calling repositoryService.getFileContent(repoUrl, ...)), which are untrusted/user-provided third‑party sources that the agent directly reads and interprets via TransferMapper.to and yaml2Model.