creating-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads repository and GitHub data (e.g., .claude/github-workflows/env.json and live GitHub content via the gh CLI in scripts/issue-helpers.py and SKILL.md — listing labels, milestones, and projects) and uses those user-generated, potentially public fields to auto-detect scope and decide labels/project actions, so untrusted third-party content can influence its decisions and tool use.