skill-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's instructions (SKILL.md content rules and the "Dynamic Context Injection" section in reference.md) explicitly require using the !command pattern (examples: `!`gh pr diff / "fetching live API responses") which runs commands that fetch open/public, user-generated content (PR diffs/comments and other live API responses) and injects that untrusted content into the agent's prompt to be read and acted on, enabling indirect prompt injection.