cto-heartbeat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads GitHub issues and PRs via the gh CLI (see Step 1/Step 3: "gh pr list", "gh issue list" and "Read the issue title and body"), which are user-generated, potentially untrusted third-party contents that the agent interprets and acts on for triage/dispatch decisions.