github-workflow-standards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and interpret user-generated GitHub content (issues, PRs, Discussions, reactions, releases, and repo files such as .github/agents/preferences.md via the GitHub API and repo discovery) and to use that content to prioritize actions and drive follow-up operations, which creates a clear channel for untrusted third-party content to influence behavior.