pick-copilot-tag

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The scripts (scripts/check-proposals.sh) call the GitHub CLI (gh api) to fetch package.json and the proposals TS file from public GitHub repos (e.g., microsoft/vscode-copilot-chat and posit-dev/positron) and then parse that user-authored content at runtime to decide which upstream tags are compatible, so untrusted third-party content can materially influence the agent's decisions.