next

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs scripts/../../scripts/open-issues.sh to fetch open GitHub issues (user-generated, public issue bodies) and parses those issue bodies/dependency_graph fields to build dependency graphs, rank recommendations, and drive actions like assigning issues, so untrusted issue text can materially influence the agent's decisions and tool use.