repo-watch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls the GitHub API (e.g., gh api "repos/{gh_org}/{repo}/issues/{number}/reactions") to read user-generated reactions on issues and uses those reactions (👍/👎 by the owner account) to decide whether to clone or exclude repos, so untrusted third-party content directly influences agent actions.