skill-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes a remote-scanning feature that fetches arbitrary public GitHub repositories via scripts/scan-url.js (and then runs analyzers including the LLM semantic analyzer) so untrusted, user-generated code from GitHub is ingested and used to drive severity adjustments and CI actions (e.g., --use-llm and --fail-on-findings), allowing third-party content to materially influence decisions.