he-bing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on user-generated GitHub PR data (e.g., gh pr checks and waiting for the Cubic-dev-ai bot "No issues found" PR comment in Phase 3) as part of its merge decision, exposing the agent to potentially untrusted third-party PR comments and CI output that could contain indirect instructions.