issue-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly runs gh issue list and gh issue view to read issue titles, bodies and comments from the repository (user-generated GitHub issues/comments) and then uses that content to decide labels, duplicates, and actions, so untrusted third-party content can influence agent decisions.