project-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 5 explicitly instructs the agent to clone and then "inspect slides/README.md, slides/package.json, and the existing slide source files" from the external public GitHub repo https://github.com/a-green-hand-jack/progress-slides.git, which requires fetching and interpreting arbitrary third-party content that can influence subsequent actions (build/edit commands), creating a clear indirect prompt-injection vector.