github-workflow-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly ingest user-generated GitHub content (e.g., PR diffs in "AI Review" 1.1 using ${{ steps.diff.outputs.diff }}, issue title/body in "Issue Triage" 2.1/2.2, and comment text + PR/issue context in the "@mention Bot" 5.1) and feed that content to AI which then takes actions (reviews, labels, comments, rebases), so untrusted third-party input can materially influence agent behavior and enable indirect prompt injection.