oh-task

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub issue title/body via "gh issue view --json ...", which is user-generated, third-party content that the agent is instructed to interpret and use to guide work and decisions (steps 3 and 6 in SKILL.md), so it can enable indirect prompt injection.