autonomous-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill repeatedly uses the GitHub CLI to read and act on public, user-generated content—e.g., gh pr list / gh pr view (PR bodies), gh api "/repos/.../issues/.../comments" (issue comments), gh issue list and project queries—and explicitly instructs research workers to "Begin by reading the worker logs and issue comments," which means it ingests and interprets untrusted third‑party content from GitHub.