skill-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls the public GitHub API (githubRequest in discover.js and evaluate.js, e.g., /search/repositories and /repos/.../readme and /topics) and directly reads untrusted repository metadata, README and topics to score, recommend, and auto-generate manifests—so attacker-controlled, user-generated content from GitHub can materially influence recommendations and subsequent integration actions.