skf-analyze-source

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow accepts project_paths that can be public URLs (steps-c/step-01-init.md), and the schema/steps explicitly instruct reading remote repositories and documentation (assets/skill-brief-schema.md's Version Detection uses gh api to read files; steps-c/step-02-scan-project.md and steps-c/step-04-map-and-detect.md require scanning/ingesting repo/doc content), so the agent will fetch and interpret untrusted public web/repo content which can materially influence export mapping, recommendations, and downstream tool actions.