trail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly tells the agent to fetch and inspect public, user-generated content (e.g., "Search #123 on GitHub/GitLab" and "Retrieve benchmark results from GitHub Actions artifacts: gh run download"), which the agent is expected to read and interpret as part of its workflow, so untrusted third‑party pages or PR/issue text could materially influence actions and enable indirect prompt injection.