supervisor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and interprets user-generated content from GitHub (e.g., PR bodies, diffs, issue bodies, and comments) as part of its workflow—see commands like "gh pr view ... --json body", "gh pr view ... --comments", "gh issue view ...", and "gh api repos/.../pulls/.../comments"—and uses that content to decide merges, reviews, labels, and next actions, which could carry malicious or instructional content.