autonomous-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and parses untrusted GitHub issue bodies, comments, and PR inline review comments (see "Resume Awareness" and "Applying Pre-existing Changes" in references/autonomous-mode.md) and even instructs applying branch references or inline diffs from issue text, which can materially change actions the agent takes.