full-ai-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (references/agents-installation.md) explicitly instructs reading/cloning the public GitHub repo https://github.com/CarlosChiva/code-agents-team.git, and the included scripts then read and modify agent .md files (from $HOME/.config/opencode/agents or the cloned repo), meaning untrusted third-party content could be ingested and influence configuration/tool actions.