gadd-approve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflows explicitly read and reconcile external tracker state in "GitHub tracker mode" (e.g., "external tracker sync metadata when configured" and "Before updating a managed GitHub body, re-read the external body and compare recorded hash/timestamp" in SKILL.md), which causes the agent to fetch and interpret user-generated GitHub issue content that could influence approval actions.