feature-video

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches PR details via "gh pr view [number] --json ..." and opens user-specified web pages with "agent-browser open '[base-url]/[start-route]'", meaning it ingests user-generated GitHub PR content and potentially arbitrary public/staging webpages as part of its workflow, which can influence navigation/clicking decisions and subsequent tool actions.