github-pr-creation

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to fetch and parse user-generated task/spec content from third-party sources, e.g. "Search for task documentation", which covers GitHub Issues (via gh issue list --assignee @me --state open) and repo/spec files such as .kiro/specs/*/tasks.md. That content is then used to decide whether to stop, to generate the PR body, and to choose actions, so untrusted external text can materially influence the agent's behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 09:46 PM