work-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly fetches and ingests GitHub issue content via "Fetch issue details — Use gh issue view <number> --json title,body,labels,assignees,milestone" (public, user-generated content) and then relies on that content to name branches, analyze scope, and determine implementation steps, so untrusted third-party content can materially influence the agent's actions.