superteam

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's pre-flight and Finisher workflows explicitly read and interpret GitHub issue/PR state and user-generated PR comments, review threads, and bot findings (see pre-flight.md step 6 and the Finisher/latest-head PR completion gate in SKILL.md), meaning it ingests untrusted third-party content from GitHub and uses it to drive routing and next actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 19, 2026, 06:30 AM
Issues: 1