skf-test-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly instructs the agent to read remote public repositories and web-backed sources (e.g., "State 4 — ...remote reading tools (zread, deepwiki, gh API, or similar) ... read the entry point remotely" in Step 3 Source Access Resolution and use of the gh CLI/QMD in Deep tier in Step 3/Step 4), so it will fetch and interpret untrusted, user-authored third-party content as part of its analysis and scoring, which can materially influence subsequent decisions.