autonomous-common

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill invokes the GitHub CLI (e.g., hooks/verify-completion.sh calling gh api/gh pr view and scripts/mark-issue-checkbox.sh, scripts/resolve-threads.sh using gh api/GraphQL) to fetch issue bodies and PR review comments (user-generated, public content) and then reads/parses that content to decide or block actions (e.g., blocking completion for unresolved comments, marking checkboxes, resolving threads), so untrusted third‑party content can materially influence agent behavior.