GitHub Issues

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to call github-mcp(get_issue), github-mcp(list_issues), and github-mcp(search_issues) to fetch and read GitHub issue titles and bodies (user-generated content on public repositories), and those retrieved issue bodies are used to inform actions like updates, comments, and creation—so untrusted third-party content can materially influence the agent's decisions.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 13, 2026, 12:00 AM
  • Issues: 1