vulture-sweep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and read GitHub issue content with commands like "gh issue list --repo AutumnsGrove/GroveEngine --state open --json ... body" and to interpret those user-generated issue bodies/comments to verify and close or consolidate issues, so untrusted third-party content can directly influence actions.