social-preview

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required "Step 1: Scan Repo for Context" explicitly reads public repository data (local repo files and remote metadata via git remote / gh api repos/{owner}/{repo}) and inspects user-generated content like package metadata and Tailwind config which the workflow then uses to choose templates, colors, and tagline for image generation, so untrusted third-party content can influence agent decisions.