fork-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md pipeline explicitly instructs the agent to call GitHub APIs (e.g., "gh api repos/$UPSTREAM/forks", "repos/FORK_OWNER/REPO/branches", compare endpoints, commits, pulls, tags/releases" in Steps 2–5 and 7) to fetch and interpret arbitrary public forks/commits/PRs (user-generated, untrusted third-party content) which directly drive analysis, tiering, and follow-up actions, enabling indirect prompt-injection risk.