github-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads and acts on public, user-generated GitHub content (e.g., get_file_contents, getPullRequestFiles, searchCode, searchIssues and the "Issue 自动分类"/"自动化代码审查" workflows in SKILL.md), so untrusted third‑party content from repositories/PRs/issues can be ingested and influence automated decisions and actions.