gh-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub content (issues, issue bodies, PR bodies, review comments and inline comments) via the GitHub REST API in Phase 2 (Fetch Issues) and Phase 6 (PR Review Handler) and then reads/acts on that content (sub-agents decide whether to implement fixes, what code to change, and what actions to take), which allows untrusted third-party text to influence tool use and agent behavior.