suggesting-next-steps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Open work on GitHub" workflow explicitly instructs the agent to run gh pr list, gh issue list, and gh run list to fetch GitHub PRs, issues, and CI runs—untrusted, user-generated third-party content that the agent must read and use to decide/prioritise next actions.