gitea

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent uses Membrane to connect to arbitrary Gitea instances and run actions that fetch user-generated content (e.g., "List Issue Comments", "List Issues", "Get Issue" and other List/Get actions), which the agent is expected to read and act on—so untrusted third-party content from those repos/issues/PRs could inject instructions.