swain-status

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly calls the GitHub CLI to fetch open issues for the repository (collect_issues in scripts/swain-status.sh) and includes those user-generated GitHub issues and linked-issue data in the rendered Agent Summary (Open GitHub Issues / Linked Issues sections), meaning untrusted third‑party content from GitHub is read and presented as part of the agent's decision/triage workflow.