triage-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads arbitrary GitHub issue content (Step 2: "gh issue view $ARGUMENTS --json title,body,labels,author" and related issue/PR listing in Step 3), which are public, user-generated third‑party inputs the agent must interpret to decide classifications, reproduce bugs, and drive fixes — creating a clear indirect prompt-injection risk.