license-scan-scancode

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to run ScanCode against an arbitrary target path and parse the resulting JSON, which means it ingests and interprets files from the provided target directory () — potentially untrusted, user-generated code or public repositories that could contain indirect prompt-injection content.