check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's triage flow in SKILL.md explicitly runs gh issue list and gh pr list to pull open GitHub issues/PRs (public, user-generated content) and requires the agent to read and act on those items (classify, triage, draft replies, and perform GitHub operations), so untrusted third-party content can materially influence decisions and tool use.