docs-from-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "clone" a user‑provided remote repository and then run graphify and the extraction scripts to read GRAPH_REPORT.md, README/docstrings, and source files (see SKILL.md and README.md), meaning it ingests arbitrary public/user-generated repo content which the agent then interprets to decide what docs to write and whether to open PRs.