github-repo-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub public repositories (data source: "GitHub 公开仓库") and requires "deep read" of README, quick-start sections and Issue/PR activity in SKILL.md (Step Seven), so untrusted, user-generated content from GitHub can materially influence recommendations and agent actions.