github-issue-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The workflow’s Phase 1 uses gh issue view <N> to fetch and display the outsider-authored GitHub issue body/comments (public/authenticated GitHub content) to the user, which is readable text that can be included in the agent’s LLM context; although it says not to parse/propagate it, the runtime ingestion of the raw issue text still creates indirect prompt-injection exposure.