github-commit-push

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and script explicitly fetch and pull from arbitrary remote GitHub repositories (e.g., "git fetch origin" and "git pull origin main" in SKILL.md and scripts/commit-and-push.sh), thereby ingesting untrusted, user-generated repo content that can be merged into and materially alter the codebase or subsequent actions.