codeql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly installs and loads third‑party CodeQL packs from public sources (e.g., references/ruleset-catalog.md shows codeql pack download for trailofbits/GitHubSecurityLab packs and workflows/run-analysis.md / references/important-only-suite.md and run-all-suite.md instruct generating suites that include installed third‑party packs), and the agent is expected to resolve, read metadata, and execute those external packs' queries as part of its analysis, which means untrusted public content can materially influence tool behavior.