github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and ingests user-generated GitHub content (issue/PR comments via gh API in scripts/issue/invoke_copilot_assignment.py and PR CI logs via get_pr_check_logs.py referenced by the fix-ci SKILL.md) and explicitly uses that untrusted content to synthesize prompts/analysis and drive actions (posting comments, assigning Copilot, making code edits and commits), so third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). invoke_copilot_assignment.py calls the GitHub API at runtime (via gh api repos/{owner}/{repo}/issues/{issue_number} and the issues/{issue_number}/comments endpoints — e.g. https://api.github.com/repos/{owner}/{repo}/issues/{issue_number}) to fetch issue/comments which are then synthesized into an @copilot directive, meaning externally-hosted content directly controls prompts used by the agent.