issue-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md "Fetch Issues" workflow explicitly instructs the agent to fetch and read public GitHub issues (via GitHub MCP list_issues or the gh CLI's issue list/view) and then categorize/label/comment/close them, so untrusted, user-generated issue content is ingested and can materially influence tool actions.