github-issue-processing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read open GitHub issues from https://github.com/kongshan001/kanban-framework/issues (via gh issue list/view) and to interpret issue bodies to decide actions (create tasks, close issues, write inbox), which are untrusted, user-generated third‑party contents that can influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime explicitly instructs the agent to fetch open issues and their bodies from https://github.com/kongshan001/kanban-framework/issues and inject that content into the processing workflow (agent prompts/context), so the external URL directly controls agent behavior at runtime.