gh-project-issue-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly runs "gh project view" and "gh project item-list" to load GitHub project items and linked issue content (user-generated/untrusted) and then reads and acts on those issues via $gh-issue-to-pr, so third-party GitHub content can materially influence decisions and actions.