dora-metrics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says the tool computes metrics "from local git and the GitHub API," so it ingests untrusted, user-generated GitHub content (PRs, issues, labels) which the agent reads to compute tiers and bottlenecks and thus can materially influence decisions (see SKILL.md and modules/agentic-workflow-signals.md).