source-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s Flow 1 sync path fetches outsider-authored free text from public GitHub sources at runtime (e.g., gh issue list / gh api graphql for repo issues & discussions bodies/titles, and gh api repos/<owner/name>/commits for commit subjects), which is then ingested into the agent’s LLM context during reconciliation/triage.