brand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes explicit, required workflows that fetch and parse public third-party content—e.g., "Regeneration" in SKILL.md and the scripts/scripts generate-product-manifest.ts which fetches files from GitHub (and falls back to raw.githubusercontent.com)—and that fetched, user-authored repository content is ingested and used to produce tokens/brand context that can change downstream agent behavior, creating a clear vector for indirect prompt injection.