project-tracking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill directly fetches and parses GitHub user-generated content (issues and project board items) via commands like gh issue list, gh project item-list, and gh project field-list and then uses that content to decide whether to create, update, or move items (e.g., deduplication, automatic moves), so untrusted third-party issue/board text could influence agent actions.