repo-analyzer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly performs WebSearch and uses WebFetch/tavily_crawl to traverse project websites (Stage 3) and also clones public repos via git clone when no local path is provided (Stage 1), meaning the agent must fetch and read untrusted public web pages and user-generated repository content which can influence analysis decisions and subsequent actions.