github-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls MCP read tools (mcp__github__issue_read, mcp__github__list_issues, mcp__github__search_issues) and the SKILL.md workflow instructs the agent to fetch issue details and comments from GitHub (user-generated, public content) to gather context and drive create/update decisions, so untrusted third‑party content is read and can influence actions.