oss-contributor-swarm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated GitHub content (issues, comments, PRs, repository files via gh CLI and git clone) as part of its required workflow—see agents/agent-1-issue-scout.md, agent-2-issue-analyst.md, agent-3-codebase-explorer.md, agent-8-review-responder.md and SKILL.md—so untrusted third‑party content is read and can directly influence agent decisions and automated actions.