relay-dispatch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (e.g., dispatch-publish.js and the recovery playbook / recover-state flow described in references/recovery-playbook.md and implied recover-commit/recover-state scripts) invoke the GitHub CLI ("gh") and fetch GitHub issue/PR titles and bodies (user-generated, public content) and explicitly compare/parse PR body/title to decide manifest state transitions and PR metadata, so untrusted third‑party content is read and can materially influence next actions.