overvy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill pulls issues from connected GitHub repositories (noted in "Issues are sourced from connected GitHub repositories") and explicitly instructs the agent in "Workflow: Research the issue" to run "gh issue view" and "Read the full issue body, comments, and labels", meaning it ingests untrusted, user-generated third-party content that the agent must interpret to decide actions.