skills-managing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's INGEST protocol explicitly runs "git clone {repo} .agent/skills/_import" and imports selected repositories, meaning the agent fetches and reads arbitrary external git content (untrusted user-provided third-party data) as part of its workflow.