github-project-manager
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md workflows and GraphQL fallback explicitly call github_list_projects, github_get_issue, github_list_project_fields and direct GitHub GraphQL queries to read project titles/descriptions, issue bodies, and field/options from GitHub (public, user-generated content), and those results are parsed and used to choose projects, fields, and follow-up operations—exposing the agent to untrusted third-party content that could influence actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata