repo-security-posture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The skill’s runtime path fetches outsider-authored repository workflow/config text from raw.githubusercontent.com (e.g., .github/workflows/*.yml via list_workflows() → request(dl, raw=True) / get_file()), and that fetched free-form YAML is then placed into the agent’s LLM context as part of the generated inventory/report.