wjs-auditing-project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh commands (e.g., "gh pr list --state open ..." and "gh run list ...") and reads PRs, CI logs, and other GitHub-hosted PR/CI data as part of its required Investigate phase, which ingests user-generated third‑party content that can affect decisions and tool actions.