team-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 0 "Scope Detection" explicitly instructs fetching and parsing user-generated content from GitHub (e.g., gh pr view <N> --json title,body,comments, gh issue view <N> --json title,body,comments) and reading repository files (Glob + Read), meaning untrusted third‑party content from PRs/issues and public repos will be ingested and used to drive agent decisions.