project-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts a GitHub URL and Phase 1 requires resolving/cloning the target repository (SKILL.md "source: local path or GitHub URL" and "Resolve the target repository (clone if URL)"), so it fetches and ingests arbitrary public repo content which the agents read and use to drive tool actions and document generation, enabling indirect prompt injection risks.