agentflow-evals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's docs (references/operations-and-dogfood.md and references/suite-authoring.md) explicitly describe a "real-world" eval path that runs npm run setup:realworld-evals to clone pinned upstream GitHub repos into eval-repos and then uses those local repo fixtures (environment.repo) as scenario inputs that the agent will read and act on, which exposes untrusted, user-generated third‑party content that can materially influence decisions and tool use.