agent-project-board-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill uses the GitHub CLI (e.g., gh issue list, gh project item-list, gh issue view, and related commands) to fetch project data, issues and issue bodies from GitHub — a public, user-generated source — which the agent then reads and interprets for syncing and analytics, exposing it to potential indirect prompt injection.