finding-on-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to use the GitHub CLI to fetch and read commits, issues, and pull requests from public repositories (GitHub issues/PRs/commit messages), which are untrusted, user-generated third-party content that the agent must interpret and that can materially change its actions (e.g., stop or proceed).