github-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read GitHub issues and their comments via the "Fetch" step (agent-tools-gh issue triage-summary) and the subagent templates (Issue {body}, URL), which are untrusted, user-generated content on public GitHub and are used to decide fixes and actions—so third-party content can influence tool use and next actions.