triage-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly fetches GitHub issue bodies, comments, and discussions (see "Step 1: Fetch Issue Details" using gh issue view ... --comments and "Step 3: Check for Duplicates" using gh api .../discussions), which are user-generated, untrusted third‑party content that the agent reads and uses to draft responses and take actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill issues runtime GitHub fetches (e.g., gh issue view --repo kube-hetzner/terraform-hcloud-kube-hetzner and gh api repos/kube-hetzner/terraform-hcloud-kube-hetzner/discussions) which retrieve remote issue/comment content that is then injected into the agent's analysis and response drafting, so the external repo content can directly control prompts.