github-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to fetch and read GitHub issue data (e.g., "gh issue view ", "gh issue list", and search results) from repositories, which are untrusted, user-generated public content on GitHub that the agent is expected to interpret and use to decide searches, avoid duplicates, and perform edits — creating risk of indirect prompt injection.