reproduce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly requires analyzing and "Follow the reproduction steps from the issue" (Step 3), meaning the agent will read and act on user-generated GitHub issue content (public, untrusted third-party text) which can directly drive reproduction actions—so it exposes the agent to indirect prompt injection risk.