github
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub content (e.g., failing CI logs via get_pr_check_logs.py and PR/issue comments via scripts like scripts/issue/invoke_copilot_assignment.py and SKILL.md / fix-ci.md), and those fetched comments/logs are parsed and used by the agent to decide and autonomously perform actions (analyze failures, generate fixes, post synthesized @copilot prompts), so untrusted third-party content can materially influence tool use and behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata