open-source-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (AGENTS.md and SKILL.md) explicitly instructs the agent to analyze a GitHub repository and scan git history using tools like github_api and git_history_analyzer (ingesting user-generated/public repo contents) and to block or change subsequent actions (e.g., require running Git History Cleaner) based on what it finds, so it clearly reads untrusted third-party content that can influence behavior.