github-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public GitHub content — issues, PRs, comments, review threads, diffs, commits, and CI logs (e.g., via refs or GitHub URLs like https://github.com/... and the collected files under ${GITHUB_CONTEXT_DIR}/github/) — which is user-generated and read by the agent as part of its workflow, exposing it to untrusted third‑party content that could carry indirect prompt injection.