run-github-scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public GitHub content (e.g., SKILL.md "GitHub-only" path: "repo READMEs" and Default workflow/step 4: "Read README intros"), and also allows optional web augmentation (references/search/web-search-patterns.md) to read public web/community content — all untrusted, user-generated sources that the agent is required to read and use to make shortlist and action decisions, creating a clear indirect prompt-injection surface.