triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly tells the agent to "Query the issue tracker" and in "Gather context" to read the full issue body and comments from the issue tracker (user-generated GitHub issues), which are untrusted third-party content that the agent must interpret and that can change its triage decisions.