ai-repo-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill’s workflow can ingest outsider-authored free text when it integrates with an external issue tracker: it queries tracker items and uses their descriptions/status (publicly authored by others) as LLM context during “query the tracker for current status” and “create issues… write back the ID,” which can include arbitrary issue body text from non-operating users.