work-on-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses issue bodies and comments from public trackers (e.g., "gh issue view --comments", "glab issue view -F json") and pastes the full issue body/acceptance criteria into sub-agent prompts and the DEPS parser, meaning untrusted user-generated content from GitHub/GitLab is read and directly drives implementation and orchestration decisions.