overlay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets untrusted, user-generated GitHub content (PR comments and PR/commit files via gh CLI and curl to raw.githubusercontent.com) as part of required workflows — see references/ci-feedback.md and workflows/fix-build.md / workflows/analyze-pr.md which instruct reading PR comments and upstream backstage.json and then taking actions like updating files or triggering /publish.