code-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly ingests user-provided Git repository data (commit messages and file contents) from the required repo_path — see SKILL.md and src/main.py together with src/analyzers/base_analyzer.py which uses PyDriller to traverse commits — and that untrusted, user-generated content is analyzed and used to compute scores and drive the evaluator's outputs, so it can materially influence agent decisions.