oz

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and reads arbitrary GitHub repositories (create-environment.md: "Repository Detection" / "Code Fetching") and injects GitHub issue title/body into agent prompts via the "GitHub Actions Integration" example, meaning the agent ingests untrusted, user-generated third-party content as part of its workflow.