github-workflow-standards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires the agent to fetch and analyze user-generated GitHub content (issues, PRs, Discussions, releases) via calls like github_list_releases and repo-wide searches in the "Repository Discovery & Scope", "Discussion Thread Awareness", and "Enhanced Activity Signals" sections, so untrusted third-party content from GitHub can be ingested and materially influence agent decisions and actions.