worker-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses issue comments via the GitHub API in the "Pre-PR Verification" step (gh api "/repos/$OWNER/$REPO/issues/$ISSUE/comments"), which ingests user-generated/untrusted issue comments that the agent reads and interprets for review status.