join

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-generated GitHub content (PR titles/bodies/files via gh pr list/view, Actions runs/logs via gh run list/view) and external patch manifests from the runtime "patch inbox" (assets/cloud-join-manifest.* and the operator prompt), and those untrusted inputs are parsed and used to decide routing, apply fixes, and trigger gh actions, so third-party content can materially influence agent behavior.