unblocked-context-search-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls context_search_code to fetch and interpret code from external repositories (see "Sources: GitHub, GitHub Enterprise, GitLab, Bitbucket, Bitbucket Data Center, Azure DevOps" and the SKILL.md instructions to run context_search_code), so untrusted third-party repository content is read and can influence the agent's decisions and actions.