shen-shi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and analyzes public GitHub Issues and PRs (e.g., commands like "/审视 ", "/审视 ", examples "读取 PR 详情/Read PR details" and allowed actions "gh pr view" / "gh api (GET only)") which are user-generated, untrusted third‑party content and are used to drive classifications, priorities, and recommended actions in the reports, enabling indirect prompt-injection risk.