github-issue-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/issue_pr_closeout.py) call gh issue view and gh pr view to fetch GitHub issue bodies and comments (user-generated, public content) and SKILL.md explicitly requires inspecting recent issues/comments, and that fetched content is parsed to decide blockers and whether to open or merge PRs, so untrusted third-party text can materially influence tool actions.