using-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated GitHub content (issues, PRs, review threads, commit messages) via the gh API/GraphQL as part of required workflows—for example, workflows/write-changelog.md Step 3 walks issue timelines and reads PR mergeCommit.messageHeadline, and workflows/pr-comments.md Step 2 enumerates review threads and reads comment bodies—which the agent must interpret to decide categorization, replies, and subsequent mutations.