github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to fetch and read GitHub user-generated content (PR inline comments, reviews, and issue comments) via gh API endpoints such as /pulls/{pr}/comments, /pulls/{pr}/reviews, and /issues/{pr}/comments, which are public third-party sources that could contain instructions influencing agent actions.