github-issue-solve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated GitHub issue bodies and comments via gh issue view and gh api .../issues/.../comments (see SKILL.md and references/issue-solve-workflow.md) and then directs the agent to extract acceptance criteria and drive code/PR actions from that content, which exposes it to untrusted third-party input that could inject instructions.