openai-security-ownership-map

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs git log against an arbitrary --repo (see build_ownership_map.py::run_git_log and scripts/run_ownership_map.py) and loads/writes commits.jsonl, CSV/JSON graph outputs (queried by query_ownership.py and community_maintainers.py), so it ingests untrusted, user- or public-repository content (commits/files) that an agent would read and could contain indirect prompt injections.