nemoclaw-maintainer-day
Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's scripts (notably scripts/check-gates.ts, scripts/triage.ts, scripts/hotspots.ts, and scripts/version-target.ts) explicitly call the GitHub CLI (gh api / gh pr list / pr view / graphql) to fetch PRs, review threads, and comments — untrusted, user-generated content that the agent parses (e.g., check-gates.ts inspects review comment bodies and CodeRabbit threads) and uses to decide approvals, routing, and next actions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata