github-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches task content via data-source commands and find-skills in Step 1 (e.g., running commands.get / commands.comments for ClickUp/Jira/Notion or using find-skills on user-provided URLs) to retrieve titles, descriptions and comments from external task platforms, so the agent ingests untrusted, user-generated third-party content.