gh-aw

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow triggers and guidance (see "Trigger Patterns" — e.g., issue_comment + command parsing and IssueOps for opened issues — and the "Lockdown Mode (Public Repos)" section) show the agent is intended to read and act on public GitHub issue/comment content (user-generated, untrusted) which can materially influence actions like adding comments or creating PRs despite mitigation guidance like "NEVER pass raw github.event.issue.body".