analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and analyzes GitHub issue content (title, description, comments, linked issues) via mcp__github-mcp__get_issue — i.e., user-generated, public third‑party content — and thus the agent will read/interpret untrusted external content as part of its workflow.