discover-tasks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says it discovers and ranks tasks from GitHub and GitLab (public, user-generated sources) and custom sources, so the agent will fetch and interpret untrusted third-party content that can influence task selection and subsequent actions, enabling indirect prompt injection.