workflow-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's duplicate-detection and issue-creation workflow explicitly runs gh CLI searches against GitHub (see "Duplicate Detection" in modules/issue-templates.md and "Create Issue" Phase 4), which ingests public, user-generated GitHub issue content and uses those results to decide whether/how to create new issues, exposing the agent to untrusted third-party content that can influence actions.