issue-driven

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly runs gh commands that fetch and parse GitHub issue/PR content at runtime (e.g., "gh issue view {N} --json body", "gh issue list...", "gh pr list..."), which are user-generated, potentially public third‑party contents that the agent reads and uses to determine updates/branch names/PR bodies and thus can influence its actions.