issue-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated GitHub issue bodies and comments via gh-manager commands (see "Step 1: Fetch All Open Issues", "Step 2: Triage Each Issue" and "Post Activity Checks" in SKILL.md), and it uses that untrusted content to decide labels, closes, comments, and other actions—allowing indirect prompt-injection from third-party issue/comment text.