project-add-items
Warn
Audited by Snyk on Apr 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly accepts URLs such as "GitHub Issue 一覧, Wiki ページ等" (GitHub Issue lists, Wiki pages, etc.) in Step 1. Step 2 then requires the agent to parse that public, user-generated content and extract the items that directly drive gh CLI project-item creation, so untrusted third-party content can materially influence the agent's actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).