dev-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs "gh issue view --json number,title,body,labels,state,comments" (and related "gh pr list" / "gh issue list" searches) per SKILL.md step 2, so the agent fetches and interprets user-generated GitHub issue and PR text (untrusted third-party content) which directly influences branch naming, briefs, spawn decisions, and other actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls gh issue view (e.g., fetching https://github.com/s-hiraoku/synapse-a2a/issues/467) at runtime and directly uses the fetched issue body to construct the LLM task brief, so external GitHub issue content can control agent prompts.