session-start

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads user-generated GitHub content (project items and fields via gh project item-list/GH_CACHE_ITEMS, PR bodies via gh pr list, and instructs to "Read the issue
• Full description and all comments"), which are open/public/untrusted third-party sources and thus could carry indirect prompt injection.