geekbot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation (SKILL.md and reporter-workflows.md) explicitly instructs the agent to opportunistically pull and use data from connected MCP servers—e.g., GitHub, Jira, Calendar, and Slack—which are untrusted/user-generated sources and are read and interpreted to pre-populate drafts, drive analytics, and influence CLI actions, so third-party content could materially alter agent behavior.