project-pulse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime script (scripts/pulse.sh) explicitly fetches GitHub issues and PRs via gh issue list and gh pr list for the target repo (resolved from args/env/git remote), and those user-generated public issue/PR contents are parsed into report.json whose next_actions are consumed to drive controller decisions, so untrusted third-party content can materially influence agent actions.