reflect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses GitHub issue data (e.g., "gh issue list --state open --json ..." and "gh issue view N --json state") and posts comments or creates issues based on matching issue titles and content, which are untrusted, user-generated third‑party inputs that the agent reads and uses to decide actions.