nemoclaw-maintainer-morning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow runs scripts (e.g., .agents/skills/.../scripts/triage.ts and version-target.ts) and GitHub CLI commands (gh-pr-merge-now, gh pr edit, find-review-pr) that fetch and process open PRs/issues from the NVIDIA/NemoClaw GitHub repository, meaning it ingests untrusted, user-generated content from GitHub which can directly influence labeling, merge decisions, and other agent actions.