issue-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required execution steps explicitly instruct the agent to fetch and read GitHub issue content (e.g., "gh issue view <番号>" and using gh api to retrieve issue data) — i.e., user-generated public GitHub issues — and to base actions (whether to start work, how to populate child issues, and linking) on that content, which exposes the agent to untrusted third‑party input that could carry indirect prompt injection.