github-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads user-generated GitHub content (issue bodies and comments) via MCP read tools such as mcp__github__issue_read (methods: get, get_comments) and instructs in SKILL.md to "Gather context" by fetching existing labels, issue details and comments, so untrusted third-party content from public GitHub could influence the agent's decisions or subsequent tool use.