rewind

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly directs the agent to consult public PRs/issues and other online PR/Issue content (e.g., "Look for related PR/Issue (Search #123 on GitHub/GitLab)" in references/best-practices.md and "Check PR/Issue when possible" in the archaeology guidance), which are untrusted, user-generated third‑party sources that the agent is expected to read and use as evidence to drive investigation decisions.