4-step-program

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires reading and parsing user-generated GitHub issue and PR content (e.g., "gh issue view ", parsing issue body/checklists, and posting/reading PR reviews via mcp__github__create_pull_request_review) as a mandatory part of its workflow, so untrusted third-party content from GitHub can materially influence decisions and tool actions.