glab-resolve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts (scripts/fetch_discussions.sh calling glab api "projects/.../merge_requests/<MR_ID>/notes" and scripts/filter_unprocessed.py which reads note["body"]) explicitly fetch and parse GitLab MR comments (user-generated, potentially untrusted) and the SKILL.md steps require the agent to analyze those comments and drive code-change decisions and commits based on them, creating a clear avenue for indirect prompt injection.