team-debug

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Scope Detection explicitly runs "gh pr view --json title,body,files" and "gh issue view --json title,body,comments" and instructs providing that PR/issue content (user-generated GitHub text and comments) as full context to subagents, so untrusted third-party content is ingested and can influence agent decisions.