do-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated issue content from third-party git platforms (see modules/issue-discovery.md and the commands like gh issue view ... --json title,body,labels,comments / glab issue view) and then reads and interprets those issue bodies/comments to generate tasks and drive agent behavior, so untrusted external content can materially influence subsequent tool use and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches issue content at runtime (e.g., via "gh issue view https://github.com/owner/repo/issues/42 --json title,body,..."), and that fetched issue body is injected into prompts/instructions that drive subagents, so the external GitHub issue URL is a runtime dependency that directly controls agent behavior.