ghost

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires ingesting upstream repositories and their public docs/sites (see "Inputs: Source repo path (git working tree)" and steps "Locate the test suite(s), examples, and primary docs (README, API docs, docs site)" plus "upstream identity + revision (remote URL if available)"), so the agent will fetch and interpret arbitrarily-sourced, untrusted third-party content that can influence subsequent extraction/verification actions.