github-dependabot-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The Python script (scripts/dependabot_report.py) invokes the GitHub CLI to fetch Dependabot alerts and repository topics from the specified GitHub orgs, and scripts/run-report.mjs then reads the generated report and passes that reportContent directly into the Anthropic API to compose a Slack message—so untrusted GitHub advisory/repo content can be interpreted by the model and influence its outputs and downstream Slack posting.