github-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 fetch block explicitly uses the gh CLI to pull open GitHub issues and PRs (including bodies and comments), and the subagent prompt templates (e.g., SUBAGENT_ISSUE_QUESTION, SUBAGENT_PR_BUGFIX) require reading those user-generated issue/PR bodies and comments and then taking actions (comment/close/merge), so untrusted third-party content from GitHub can directly influence agent decisions and tool use.