address-github-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh issue view ... to fetch a GitHub issue's title, body, and comments (see Step 3) and then instructs the PM and developer agents to read and act on that issue content (see Steps 4, 7, 9), so untrusted, user-generated GitHub issue/comments can directly influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches GitHub issue content at runtime (e.g., https://github.com/owner/repo/issues/42 and owner/repo#number via the gh CLI) and injects that content into spawned agents' prompts to control their instructions, so this external content directly controls agent behavior and is required for the skill to operate.