gadd-decompose

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to create and re-read external GitHub child issues via the GitHub REST API (e.g., "create the child issue first... call GitHub's sub_issues endpoint" and "Before updating an existing external child Work Item, re-read it. If its body changed... stop..."), so the agent will ingest user-generated GitHub issue content that can influence whether it stops, proceeds, or how it acts.