gh-fetch-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Outsider-authored GitHub issue/comment text (including arbitrary markdown/HTML with image URLs) is fetched at runtime via gh issue view ... --json ... and then ingested into the LLM through the generated ${OUT_DIR}/issue.md (with downloaded asset URLs rewritten to local paths).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The script fetches live issue content via gh issue view and downloads images at runtime from GitHub URLs (e.g., https://user-images.githubusercontent.com/ and https://github.com/.../releases/download/...), and that external content is written into issue.md and consumed by Claude — meaning remote content can directly control the agent's prompts.