netresearch-branding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's checkpoints.yaml (llm_reviews NB-20) explicitly instructs the agent to call the GitHub API (gh api repos/{owner}/{repo} --jq '.description') and base PASS/FAIL decisions on the repository description — an untrusted, user-provided third-party input that the agent is expected to read and act on.