cut

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs "gh issue view {番号} --json title,labels,body" to fetch GitHub issue title/body/labels (user-generated, potentially public content) and directly uses that content to generate branch names, prefixes, and PR titles, so untrusted third-party content can influence actions.