repository-readme-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The required runtime workflow can ingest outsider-authored free text because it runs python3 scripts/repo_readme_probe.py <repo>, and that probe reads repository files (e.g., README.md, package.json, .env.example, and other manifests/scripts) from the target repo into LLM context as evidence; if the repo content is authored by someone other than the operating user, it is outsider text.