managing-relationships
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts and SKILL.md explicitly call out and execute GraphQL queries via "gh api graphql" (see run_graphql and the multiple query/mutation strings in scripts/manage-relationships.py and SKILL.md) to fetch issue IDs, titles, states, and relationships from GitHub issues. Issue content is user-generated and potentially public, and the tool ingests it and uses it to decide and drive mutations such as addSubIssue/removeSubIssue.