github-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls GitHub MCP tools (e.g., mcp__github__get_issue, mcp__github__list_issues) and its SKILL.md workflow instructs the agent to "Gather context: Get repo info, existing labels, milestones" and to fetch current issues for updates, which means it ingests user-generated content from public GitHub repositories that could contain instructions influencing behavior.