makecourse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and helper explicitly clone/read course repositories (e.g., the "sync step clones the repo" and the helper/Workflow that reads README.md, introduction.md, syllabus.md and lesson files from Gitee or other source repos) and uses that untrusted, user-generated repository content to infer course id/title/stage and drive config updates and publishing actions, so third-party content can materially influence behavior.