announce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches PRs, issues, and release notes from GitHub using the GitHub CLI (commands like "gh pr list", "gh issue list", and "gh release view"), ingesting user-generated/untrusted content (PR/issue titles and bodies) that the agent will read and synthesize.