phoenix-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs runtime use of the GitHub CLI and GraphQL against the public Arize-ai/phoenix repository (e.g., "gh api repos/Arize-ai/phoenix/issues/{number}" and project GraphQL mutations), meaning the agent will fetch and act on user-generated GitHub issue content which could contain instructions that influence its actions.