oss-readiness

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-provided repository content and GitHub metadata (e.g., treating AGENTS.md as the canonical agent-instructions and ingesting README/CHANGELOG via the llms-generation and checklist flows, plus gh repo view / gh api calls shown in references/checklist.md and references/llms-generation.md), so untrusted third‑party repo content can materially influence its decisions and tool actions.