github-dashboard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly fetches and ingests public, user-generated GitHub content (e.g., GET /repos/{owner}/{repo}, contributors, search issues/PRs) as required inputs for dashboard data and recent-activity rows, so untrusted third-party text from issues/PRs and repository metadata is read and used to drive the artifact's metrics and presentation.