milestone-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches repository data via the GitHub CLI (e.g., gh api repos/$GITHUB_OWNER/$GITHUB_REPO/milestones, gh issue list, and related gh issue comment/gh api calls), causing the agent to read and act on user-generated, potentially public/untrusted content from third-party GitHub repositories.