issue-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to fetch and read public GitHub issue bodies, all comments, and linked PRs (see "Step 0: Fetch the Issue and Safety Scan" / "0a: Fetch the issue"), which are untrusted, user-generated third-party content that the agent must interpret to make triage decisions, creating a clear avenue for indirect prompt injection.