oss-launch-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches and ingests untrusted, user-provided GitHub repo content (README and metadata) via scripts/fetch_repo_context.py (calls the GitHub API /repos/{owner}/{repo}/readme) and then build_product_brief.py / generate_assets.py explicitly read and act on that content to decide launch readiness, channel fitness, and generate posting drafts—so third-party content can materially influence agent behavior.