gh-agent-session

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and acts on user-generated GitHub issue content (e.g., workflows that trigger "When an issue is labeled..." and the agent-session issue descriptions used by gh agent-task) so arbitrary public issue text can be read and used to drive Copilot agent actions and PR creation.