github-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflows explicitly send user-generated GitHub content (PR diffs, changed files, issue titles/bodies, and comments obtained via gh / context.payload and steps like "Get diff", "Analyze issue", and the mention-bot's "Get context") to external AI calls, exposing the agent to untrusted third-party input that could contain indirect prompt injections.