analyze-oss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly clones arbitrary public GitHub repositories (Phase 1: git clone into ~/opensource-analysis/), then instructs the agent and parallel subagents to read README, package files, examples, commits, and other repo content (Phase 2/3), so untrusted, user-generated third‑party content is ingested and used to drive analysis and agent outputs.