badger-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and interpret GitHub issues and project item fields via gh api/graphql (e.g., repository AutumnsGrove/Lattice queries and project mutations), which are user-generated, public third-party contents that the agent reads and uses to decide sizes, priorities, moves, and timeline actions.