github-milestone-cycle-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly pulls live GitHub state (open issues, PRs, project boards, labels, etc.) using gh/GraphQL in the mandatory "Build Live Context" and uses that user-generated GitHub content (and optionally web research via $agent-browser) to drive planning and GitHub mutations, so untrusted third-party content can directly influence actions.