github-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries GitHub and "Read[s] the full issue: body, all comments" (SKILL.md Step 1 and "Show What Needs Attention"), consuming user-generated issue bodies and comments from public third-party sources which the agent then interprets to make triage decisions — allowing untrusted content to influence actions.