agent-issue-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls GitHub-reading tools (mcp__github__search_issues, mcp__github__get_issue, mcp__github__list_issues and related functions) which ingest and interpret user-generated/public GitHub issue bodies and comments, exposing the agent to untrusted third-party content that could contain injected instructions.