context-mode-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (triage-issue.md, review-pr.md, marketing.md, etc.) explicitly fetch and ingest public third‑party content—e.g., "gh issue view", "gh pr view", "gh api …", and WebSearch/Context7/ctx_fetch_and_index calls—to read issue/PR bodies, comments, diffs, GitHub metadata, and external docs, and those fetched, untrusted user-generated sources are then used to verify claims and drive decisions/actions (spawn agents, merge, release), creating a clear indirect prompt-injection risk.