codewiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's code and SKILL.md show it uses Puppeteer to fetch and scrape public CodeWiki pages (e.g., https://codewiki.google/github.com/[owner]/[repo] in codewiki.js getRepoDocumentation and getFeaturedRepos), extracting document.body/TOC/code links that the agent reads and uses to produce outputs, which exposes it to untrusted third‑party content that could carry injected instructions.