worker-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs workers to "Read assigned issue completely" and "Check issue comments for context/history" and even uses a gh api call to query issue comments, which means it ingests user-generated content from repository issue trackers (untrusted third-party input) as part of its workflow.