workon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads GitHub issue content using "gh issue view [N] --repo ..." (public, user-generated GitHub issues) and ingests the issue title/body to produce instructions and spawn worktrees/send tasks, so untrusted third-party issue text could influence agent behavior.