jfrog-system-config-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Git backend explicitly clones and reads manifests from an externally-specified repository (Inputs: state.git.repo) — see Operation D (git ls-remote) and Operation E (git clone / download latest manifest) — so it ingests untrusted third-party repo content that the agent uses to decide routing and actions.