github-workflow-standards

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to load and interpret user-generated GitHub content (issues, PRs, Discussions, comments, releases, and repository files like .github/agents/preferences.md) via GitHub API calls (e.g., github_list_releases, repository discovery across "all repos") which are untrusted third-party sources and are used to drive prioritization, actions, and follow-up suggestions, creating a clear avenue for indirect prompt injection.