help

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Phase 1b state-gathering explicitly runs GitHub queries (e.g., gh pr list --head ..., gh issue list --state open --json ..., and gh api "repos/{owner}/{repo}/milestones?...") to ingest open PRs, issues, and milestones — i.e., user-generated, third‑party GitHub content that the agent must read and that directly drives its recommendation, creating a clear vector for indirect prompt injection.