opensrc

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly queries public registries (npm/PyPI/crates.io) and repository hosts (GitHub/GitLab) to resolve package repos and shallow-clone them into opensrc/repos/. AGENTS.md and sources.json are intended to be read by agents (see references/architecture.md "Registry lookup"/clone flow and registry files), so the agent will ingest untrusted, user-generated third-party source content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:17 AM