triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads GitHub issue/PR bodies, search results, and discussion titles using commands like gh issue view, gh pr view, gh search issues, and the GitHub discussions API for the peteonrails/voxtype repo, which are public, user-generated (untrusted) third-party content that the agent interprets as part of its workflow.