github-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill routinely fetches and reads user-generated GitHub content (PRs, issues, comments, and code) via commands such as get_pull_request, list_pull_requests, list_issue_comments, and search_issues, so untrusted third‑party content could contain instructions that materially influence the agent's actions.