github-project-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses user-generated content from public GitHub (e.g., fetch_issue.py using "gh issue view" and select_issue.py using "gh issue list"), and those issue bodies/labels are fed into generated context prompts and implementation plans (implement_issue.py, docs/plans/*.md) which the agent reads and uses to decide/drive code changes and tool actions, so untrusted third-party content can influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets payment operations: it references the "booking-payment" epic, plans to "Create Stripe refund via API", lists "Stripe SDK (existing)" as a dependency, and includes implementation steps, scripts, and commits that integrate Stripe refund API (e.g., "Integrate Stripe refund API", update payment records with refund status). These are concrete payment-gateway actions (Stripe) — not generic automation — so it grants direct financial execution capability.