takt-facet-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly instruct the agent to fetch and read third‑party, user‑generated content—e.g., "gather-review" uses gh pr view {number} / gh pr diff {number} to retrieve PR descriptions/diffs and linked Issue comments, and "research-dig" directs downloading CSV/JSON from public sources—so the agent will ingest untrusted public web and repository content that can materially influence decisions and tool actions.