commit-push-close

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs GitHub commands like gh issue view <num> --json state,labels,title,url and inspects issue conversation/context and labels (user-generated content) to choose commit prefixes and drive create/close actions, so untrusted third-party issue content can influence the agent's decisions and tool use.