forward

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). FLAG: The skill's required workflow explicitly runs GitHub CLI commands (e.g., "gh issue list --search", "gh pr list --state open" described in "Then: Create Issues" and the cleanup context) to read repository issues/PRs (user-generated public content) and uses those results to decide whether to create issues or drive cleanup actions, so third-party content can materially influence agent behavior.