issue-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches GitHub issue and PR bodies and comments via the gh CLI (see "Phase 1 — Audit: Data Gathering" with gh issue list --json ... body, comments) and Phase 2 explicitly feeds those untrusted, user-generated issue bodies and last comments into a subagent prompt to generate analyses and actionable drafts (comments/labels/closures), so third-party content can materially influence tool actions.