git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references/github-pr-operations.md explicitly instructs scanning and reading public GitHub issues (via gh issue list / gh issue view)—which are untrusted, user-generated third‑party content—and directs the agent to use that content to decide issue references and @mentions that will materially influence PR text and subsequent actions.