issue-triage
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required scripts (scripts/init-triage-session.ps1 and scripts/query-issues.ps1) explicitly fetch public GitHub data (milestones, labels, issue bodies and comments, linked PRs) from the dotnet/maui repository, and the agent is expected to read and act on that user-generated content to suggest milestones and drive triage decisions; untrusted third-party content can therefore materially influence tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The scripts call the GitHub API at runtime (e.g., Invoke-RestMethod to https://api.github.com/repos/dotnet/maui/milestones?state=open&per_page=100 and gh api calls) to fetch milestone/label data that the skill uses to generate and drive triage suggestions (i.e., the external content directly controls the agent's milestone suggestions), and those calls are required for correct operation.
Audit Metadata