qa-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Day 1 onboarding and master prompt explicitly instruct cloning external repositories (git clone ) and then reading and following the repository's tests/docs files (references/master_qa_prompt.md and Day 1 onboarding), so the agent would fetch and treat arbitrary third‑party repo content as authoritative and use it to drive actions (autonomous test execution, bug filing, escalations).