to-issues
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required "Gather context" step directs the agent to fetch and read issue bodies and comments from the project's issue tracker using gh (i.e., GitHub issue URLs), which are untrusted, user-generated third-party content that will directly influence the agent's breakdown decisions and subsequent actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata