github-label-agent-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated GitHub content (e.g., list_open_issues calling "gh issue list --repo ... --json number,title,body,labels,..." and fetch_open_milestones / evaluate_repo_projects using "gh api" and "gh project"), and then uses issue titles/bodies and project/milestone data to decide labels, post comments, and assign milestones—so untrusted third-party issue content can materially influence agent actions.