skill-feedback-collection

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — Phase 4 ("Link to existing issues/discussions") explicitly directs the agent to search and read GitHub issues/discussions via gh search issues or the GitHub web search and to base its decision (comment vs create a new issue) on that user-generated content, which is an untrusted third-party source that can influence subsequent actions.