bulk-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflows explicitly invoke gh issue list and gh issue view to fetch GitHub issue bodies and comments (see workflows/issue-triage.md and workflows/issue-task-loop.md), which are untrusted user-generated content that the agent reads and uses to plan and drive code edits and other actions, enabling indirect instruction injection.