issues-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes public, user-generated GitHub content (issue URLs, labels, bodies) as part of its runtime workflow — e.g., the posttooluse hook in references/auto-link-config.md calls gh issue view to read labels and SKILL.md shows gh issue list ... | while read url; do gh project item-add ... --url "$url" and GraphQL queries in references/graphql-queries.md that read issue bodies — so untrusted third-party content can directly influence tool actions (auto-linking, project item additions).