orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches GitHub issue content via "gh issue view" and GraphQL in Phase 1 and then extracts an "## Agent Prompt" from the issue body to construct Task prompts (Phase 4), meaning untrusted, user-generated issue text from public repos is ingested and directly influences agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches GitHub issue content at runtime via GitHub API/gh commands (e.g., gh issue view, gh api repos/:owner/:repo/milestones, gh api graphql -> https://api.github.com) and injects the issue body directly as the agent prompt, so the external GitHub API is a required runtime dependency that controls prompts.