project-issues-batch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses GitHub project items and issue bodies/comments using the gh CLI (see "Phase 1: Fetch Issues" and "Phase 2: Analyze Dependencies"), which are untrusted, user-generated third-party contents that directly influence dependency resolution and subsequent PR creation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill invokes the gh CLI to fetch GitHub project items and issue bodies at runtime (e.g., https://github.com/owner/repo/projects/N), and those fetched issue contents directly drive the agent's implementation decisions, so the external URL is used at runtime to control agent behavior.