contributor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and deep-read public GitHub issue bodies and comment threads using gh CLI (e.g., Phase 1.3 "gh issue view -R / --json body,comments" and Phase 1.4 cross-repo PR checks), which are untrusted, user-generated third-party content that the agent must interpret to choose actions or stop—creating a clear avenue for indirect prompt injection.