secret-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly shows runtime scans of public repositories (e.g., "trufflehog git https://github.com/org/repo", ripgrep/gitleaks commands and other examples) which ingest and analyze untrusted, user-generated code from the open web as part of the workflow, so third-party content could influence findings and follow-up actions.