reverse-engineer-rpi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones and parses arbitrary public upstream repositories (via the --upstream-repo / --upstream-ref flow and the repo_fixture_test.sh) and can fetch docs pages (via --docs-sitemap-url and scripts/fetch_url.py), and it treats that untrusted repo/docs content as authoritative input to generate feature-registry/specs and drive downstream actions, so third-party content can materially influence the agent.