draft-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to run gh issue list and gh label list against the i-am-bee/agentstack GitHub repo, meaning it will fetch and interpret public, user-generated GitHub issues/labels (untrusted third‑party content) to decide duplicates and labels.