github-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read GitHub tickets (Step 1 "Read the GitHub Ticket") and fetch/compare production URLs (Steps 4–6, including WebFetch and downloading media), which are untrusted, user-generated third‑party sources that the agent must interpret to decide actions (e.g., whether to pull a DB or run commands), enabling indirect prompt injection risk.