skill-composer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's references and examples (references/compatibility-matrix.md and references/examples.md, e.g., "pr-workflow (miner)" which "Mines GitHub PR review comments" and Example 4 showing it extracts PR comments) show the composer may include a skill that fetches public GitHub PR comments (user-generated, untrusted) and uses those findings to drive planning and downstream skill selection, so third-party content can materially influence actions.