triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md, Process step 2 and the dynamic context injection lines) explicitly runs gh commands like gh issue view {number} --json ... and gh label list to fetch issue titles and full bodies (user-generated GitHub issue content) which the agent must read and use to decide and apply labels, exposing it to untrusted third‑party content that can influence actions.