triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). The required runtime workflow ingests outsider-authored issue/PR content (body, comments, author text, and PR diff) via the issue tracker “Read the full issue or PR (body, comments…; for a PR, the diff too)” step, which is then parsed and fed into the agent’s LLM context.