land

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's watcher (land_watch.py) explicitly fetches and parses GitHub issue and review comments via gh api endpoints (e.g., repos/{owner}/{repo}/issues/<pr_number>/comments and pulls/<pr_number>/comments) and uses the comment bodies to block/allow merging and drive actions (printing/comment-handling and raising exit codes), so untrusted, user-generated GitHub content can materially influence the agent's decisions.