vcs-issue-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to "Read the latest comments and current state of the issue" from GitHub/GitLab (user-generated issue comments), which the agent then interprets to decide comments, assignments, or state changes, creating a clear avenue for indirect prompt injection.