github-images

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching and downloading images and body_html from GitHub issues/PRs (public/user-generated content) and then using "Read" to view them, meaning untrusted third-party content from issue/PR pages can be ingested and could influence agent behavior.