ingest-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and reads public GitHub repositories (Step 2 "Clone shallow" and Step 3 "Find token files" / Step 4 "Read candidate files") and then uses that extracted content to drive downstream actions (Step 6 offers creating design systems/prototypes), so it ingests untrusted, user-generated third-party content that can influence behavior.