github-issue-create

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read source GitHub issue text and comments (SKILL.md: "Gather only the context needed ... source issue text/comments") and uses gh/gh api calls (references/gh-commands.md) to ingest user-generated, potentially public GitHub content that will be interpreted to draft and create issues, so untrusted third-party content can influence actions.