github-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on public, user-generated GitHub content—e.g., getPullRequestFiles, getPullRequest, searchIssues, searchCode and "分析 Issue 内容" in SKILL.md—which lets third-party PRs, issues, or repo files be ingested and influence automated reviews, labeling, or merges, enabling indirect prompt injection.