gh-aw-safe-outputs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the agent to read and act on user-generated repository content—e.g., "Analyze this issue" (Example 1), "Review this codebase" and "Update documentation" (Examples 2–3) in SKILL.md—so untrusted third‑party issue/PR/file contents can be ingested and influence creation of safeoutputs (issues, PRs, comments, files, labels).