fusion-issue-solving

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly requires ingesting GitHub issue content (e.g., "Read the issue body, labels, and linked discussions once...") and treats public GitHub issue URLs as primary inputs, meaning it will fetch and act on user-generated, third-party content from GitHub that can influence actions like edits, assignments, and PR creation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires a GitHub issue URL at runtime (e.g., https://github.com/owner/repo/issues/123 or owner/repo#123) and explicitly instructs the agent to read the issue body/labels/discussions and reuse that fetched content to drive implementation, so external content fetched during runtime can directly control agent prompts.