research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly runs "gh issue view" (SKILL.md step 2) to fetch and analyze GitHub issues — public, user-generated content — and uses that content to drive analysis and implementation decisions, so untrusted third-party text could materially influence agent behavior.