check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required triage and PR handling workflow explicitly runs GitHub commands (e.g., "gh issue list -R " and "gh pr list -R ") and reads repository/public files (README, release notes, CI workflows) and open issues/PRs — all untrusted, user-generated public content that the agent is expected to interpret and that can directly change tool actions (comments, merges, closes, pushes).