headless-ghidra-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states it "enriches function metadata from third-party evidence" and lists artifacts//third-party/identified.yaml as a required input that the agent reads to decide renames/signatures applied via ghidra-agent-cli, so untrusted third-party content can directly influence tool actions.