tea

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to external Gitea instances (self-hosted or public) to manage repositories, issues, and PRs (see SKILL.md "Core Scenario" and checklist to confirm Gitea instance URL and token), which means it will fetch and act on user-generated content from third-party servers.