octocode-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls GitHub/package search and file-read tools (e.g., POST /tools/call/githubSearchCode and githubGetFileContent as documented in API_REFERENCE.md/README.md) and SKILL.md Phase 4 requires the agent to "read the response", "verbalize hints" and "follow hints", meaning untrusted, user-generated web content from third‑party repos will be ingested and can directly guide subsequent tool use.