objective

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to read and act on GitHub issue bodies, comments, and linked PRs (e.g., "Getting Up to Speed: Read the issue body", "Read recent comments", and commands like gh issue view --comments), which are user-generated/public content the agent ingests and uses to decide next actions—allowing untrusted third-party content to influence behavior.