agentic-flow-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and its worked examples (e.g., the "PR Review Agent" in references/pr-review-agent-example.md and the small flow "Repo Security Scanner") explicitly instruct the agent to fetch and read GitHub repo files and PR diffs—untrusted, user-generated third-party content—which the agent is expected to interpret and use to drive decisions and side-effecting actions.