dispatch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to read and triage GitHub Issues and open PRs (user-generated content on GitHub) and to base labels, investigations, reviews, and follow-up actions on that content, exposing the agent to untrusted third-party input.