autonomous-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and interprets user-generated content from public GitHub data (gh issue/pr list, gh pr view, gh api "/issues/.../comments", project board items) and even enables WebFetch/WebSearch for research workers, so the agent will read and act on untrusted third-party content (issue/PR bodies and comments) as part of its workflow, creating a prompt-injection risk.