issue-analyze

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Phase 1 explicitly runs "gh issue view --json ..." to fetch GitHub issue content (public, user-generated) and then instructs the agent to read that issue text and use it to classify, derive a Codex prompt, and choose/execute investigation actions, so untrusted third-party content can directly influence tool use and decisions.