agent-issue-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md usage patterns explicitly call GitHub-reading tools (mcp__github__get_issue, mcp__github__list_issues, mcp__github__search_issues and Bash/gh commands) to read and coordinate on GitHub issues — which are public, user-generated content — and that content is used to drive orchestration and automated updates, so untrusted third-party text can influence agent actions.