orient

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 1 explicitly runs "gh issue view --json title,body,labels,assignees" (SKILL.md), causing the agent to fetch and read GitHub issue text (user-generated third-party content) and then use that content to auto-detect task type and route actions, which could let injected instructions in issues influence behavior.