dev-daily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and ingesting user-generated content from GitHub (e.g., "gh project item-list", "gh pr list", and commit/issue data in the "タスク把握" and "日報生成" sections), which the agent is expected to read and use to classify tasks and generate reports, so untrusted third‑party content from public GitHub could influence actions.