wf0-remote

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on GitHub Issue comments, issue bodies, and PR review comments (see "Remote Commands (Issue Comments)" and "Revision Workflow" in SKILL.md), which are untrusted, user-generated third-party content that can directly trigger executions like /approve, /next and automated processing.