community-project-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public, user-published project files (exports.py: fork_project downloads files using gateway.fetch_raw_file and _enumerate_project_files calls the GitHub Trees API; lib/gateway.fetch_raw_file hits raw.githubusercontent.com), then parses manifests/PROJECT.md and uses that data to build install/run commands in lib/install.py, so untrusted third-party content can directly influence the agent's actions and tooling decisions.