goose-migrate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads the open GitHub issue board (user-generated, public content) using the gh command shown in SKILL.md (Phase 1 SURVEY: "gh issue list --state open ...") and then interprets and uses that issue text to cluster, translate, and drive Todoist actions, so untrusted third-party content can materially influence agent decisions.