clawsweeper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests and acts on user-generated GitHub content — e.g., issue/PR refs, maintainer prompts (additional_prompt), and freeform @clawsweeper comments described in the "Create One Repair Job" and "Maintainer Mentions"/"Freeform maintainer mentions" sections — meaning public/untrusted PR/issue/comment text is read and can influence repairs, dispatch, and merge-related actions.