to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs in "1. Gather context" to fetch and read the full body and comments of an issue reference (number, URL, or path), which means the agent will ingest user-generated, potentially public issue/thread content that can influence how it breaks down and publishes issues.