scaffold-repository

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to fetch and inspect live repository content from GitHub (e.g., "Obtaining the baseline" via gh api or git clone and the "GitHub repository settings"/audit checks using gh api or curl against https://api.github.com/repos//), meaning it will read untrusted, user-controlled public repo files and metadata and use those contents to drive realignment recommendations and actions.