gitops-audit

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts or clones arbitrary GitOps repositories (see "Step 1: Detect GitOps Repository" where it asks the user to provide a local path or "Or I can clone it: git@github.com:org/gitops-repo.git" and parses git remotes), then renders and diffs manifests and scans code from those repos to drive audit results and automated actions, so it ingests untrusted third‑party content that can materially influence behavior.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 29, 2026, 07:47 AM
  • Issues: 1