triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly launches external AI CLIs (Claude, Gemini, Codex) and sends repository context to those third-party services, then reads and merges their outputs (produced by the remote models) into findings, patches, and AI memory files as part of the normal workflow (see SKILL.md / README.md and the CLI/MCP code in dist/cli.js and dist/mcp-server.js), so untrusted model responses can materially influence decisions and follow-up actions.