gh-issue-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The workflow ingests outsider-authored free text from GitHub repositories at runtime via gh api fetching CONTRIBUTING.md, issue templates under .github/ISSUE_TEMPLATE, and issue/template content (base64-decoded) in Phases 3 and 6, as well as potentially existing issue bodies shown in Phase 2.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs gh api calls at runtime (e.g., "gh api 'repos//contents/.github/ISSUE_TEMPLATE/'" and "gh api 'repos//contents/CONTRIBUTING.md'") to fetch and decode repository templates which are then injected into the agent's context and used to compose/follow issue-writing instructions, so external repo content can directly control the agent's output.