octocode-slides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1/2 research flow explicitly reads public web pages and GitHub repos (references/01-brief.md Step 3 — GitHub repo URLs, references/02-research.md Step 3 "Web research", and SKILL.md "Evidence" → "Web research"), appends those untrusted third-party findings to request.md, and requires the agent to use them to decide outline, claims, charts, libraries, and implementation—so external user-generated/open-web content is ingested and can materially change tool use and next actions.