skf-brief-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches and analyzes external repositories and docs (see steps-c/step-02-analyze-target.md: "Use gh api repos/{owner}/{repo}" and reading repo contents/version files, and steps-c/step-01/03 which accept arbitrary documentation URLs for docs-only mode), so the agent ingests untrusted public GitHub and web documentation that can materially influence scope, versioning, and follow-up actions.