14:["$","div",null,{"className":"min-h-screen max-w-6xl mx-auto px-4 py-2 sm:py-12 sm:px-6 lg:px-8","children":["$","main",null,{"children":[["$","div",null,{"className":"flex items-center gap-2 text-sm text-(--ds-gray-600) mb-6 min-w-0","children":[["$","$L4",null,{"href":"/","className":"hover:text-foreground shrink-0","children":"skills"}],["$","span",null,{"className":"shrink-0","children":"/"}],["$","$L4",null,{"href":"/bmad-code-org","className":"hover:text-foreground truncate min-w-0","children":"bmad-code-org"}],["$","span",null,{"className":"shrink-0","children":"/"}],["$","$L4",null,{"href":"/bmad-code-org/bmad-method","className":"hover:text-foreground truncate min-w-0","children":"bmad-method"}],["$","span",null,{"className":"shrink-0","children":"/"}],["$","$L4",null,{"href":"/bmad-code-org/bmad-method/bmad-os-gh-triage","className":"hover:text-foreground truncate min-w-0","children":"bmad-os-gh-triage"}],["$","span",null,{"className":"shrink-0","children":"/"}],["$","span",null,{"className":"text-(--ds-gray-600) truncate lowercase","children":"Snyk"}]]}],["$","div",null,{"className":"mb-10","children":[["$","h1",null,{"className":"text-4xl font-semibold text-foreground tracking-tight mb-2","children":"bmad-os-gh-triage"}],["$","div",null,{"className":"flex flex-wrap items-center gap-2","children":[["$","span",null,{"className":"inline-block text-xs font-mono uppercase px-2 py-1 rounded bg-amber-500/10 text-amber-500","children":"Warn"}],["$","p",null,{"className":"text-sm text-(--ds-gray-600)","children":["Audited by"," ",["$","span",null,{"className":"text-foreground","children":"Snyk"}]," on"," ","Feb 22, 2026"]}]]}]]}],["$","div",null,{"className":"grid grid-cols-1 lg:grid-cols-12 gap-16","children":[["$","div",null,{"className":"lg:col-span-9 min-w-0 overflow-hidden","children":[["$","div",null,{"className":"mb-6 flex flex-wrap gap-1.5","children":[["$","span",null,{"className":"text-xs font-mono px-2 py-1 rounded text-amber-500 bg-amber-500/10 uppercase inline-flex items-center gap-1.5","children":[["$","svg",null,{"fill":"none","height":"14","viewBox":"0 0 14 14","width":"14","xmlns":"http://www.w3.org/2000/svg","children":["$","g",null,{"fill":"currentColor","children":[["$","rect",null,{"height":"10","rx":"1","width":"3","x":"1","y":"2"}],["$","rect",null,{"height":"10","rx":"1","width":"3","x":"5.5","y":"2"}],["$","rect",null,{"height":"10","opacity":".4","rx":"1","width":"3","x":"10","y":"2"}]]}]}],"Risk Level: ","MEDIUM"]}],"$undefined"]}],false,[["$","section",null,{"className":"mb-10","children":["$","div",null,{"className":"rounded border border-border overflow-hidden","children":[["$","div",null,{"className":"text-sm font-mono uppercase text-white p-4 border-b border-border","children":"Full Analysis"}],["$","div",null,{"className":"p-4","children":["$","div",null,{"className":"prose prose-invert max-w-none prose-headings:font-semibold prose-headings:tracking-tight prose-h1:text-4xl prose-h1:mb-2 prose-h2:text-2xl prose-h2:mb-2 prose-h3:text-lg prose-h3:mb-2 prose-p:text-muted-foreground prose-p:leading-relaxed prose-li:text-muted-foreground prose-ul:space-y-2 prose-ol:space-y-2 prose-code:bg-muted prose-code:text-foreground prose-code:px-1 prose-code:py-0.5 prose-code:rounded-sm prose-code:text-sm prose-code:before:content-none prose-code:after:content-none prose-pre:bg-muted prose-pre:text-foreground prose-pre:border prose-pre:border-border prose-pre:rounded-md prose-hr:border-border prose-hr:my-4 [&_p:has(>.snyk-sev)]:text-foreground [&_table]:!border-[color:var(--border)] [&_th]:!border-[color:var(--border)] [&_td]:!border-[color:var(--border)]","dangerouslySetInnerHTML":{"__html":"

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill's Execution Step 1 explicitly instructs using gh issue list to fetch open GitHub issues (public, user‑generated content) and the agent is required to read and triage those issues—so untrusted third‑party content from GitHub can directly influence its analysis and follow-up gh commands.

"}}]}]]}]}],"$undefined"]]}],"$L1c"]}]]}]}]