triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub issue and PR content (see "Phase 1 — Issue Intake" commands like $GH issue view ... --json ... body,comments and PR diff fetching), and it requires the agent to read and act on that untrusted third-party content when classifying, proposing fixes, and drafting/posting comments, so it can enable indirect prompt injection.