github-trending

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's scripts explicitly scrape public GitHub pages (https://github.com/trending) and fetch raw, user-authored README files from raw.githubusercontent.com as part of its required workflow, so untrusted, user-generated content is ingested and returned/parsed and could contain instructions that influence subsequent actions.