skf-update-skill

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches and ingests open/public third-party content: GitHub repositories via the gh API and git clones (references/remote-source-resolution.md), and re-fetches of arbitrary doc_urls and remediation_paths (steps-c/step-03-re-extract.md). The extracted and "verified" content is then used to drive re-extraction, merge, and gating decisions, so untrusted external content can materially influence tool actions and the next steps the workflow takes.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 11, 2026, 09:53 AM
Issues: 1