github-process-agent-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly calls GitHub via the gh CLI (see scripts/agent_issue_sweep.py: _list_issues and command_claim/_run_json_command which run "gh issue list" and "gh issue view") and SKILL.md requires inspecting and acting on Agent-labeled GitHub issues, so it ingests untrusted, user-generated issue content that can materially influence branch creation, test/run decisions, and PR actions.