project-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's sync script and workflow explicitly call the GitHub CLI (e.g., runGh(["issue","list",..."]) and runGh(["project","item-list",..."]) to ingest GitHub issues and project items—public, user-generated content—which the agent is expected to read and use to update trackers and drive issue/project actions, creating a clear avenue for indirect prompt injection.