project-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and analyze GitHub repository data and user-generated content via gh CLI and GraphQL calls (e.g., "gh repo view", "gh project list", "gh issue list", "gh pr list", git log", and GraphQL queries in references/gh-commands.md), using those external issues/PRs/commits to form proposals and decide on issue creation, so untrusted third-party content from GitHub can materially influence actions.