to-issues

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md "Process -> 1. Gather context" instructs the agent to fetch an issue by number/URL/path from an issue tracker and read the full body and comments, which are user-generated/untrusted third-party content that the agent must interpret and that will influence how it drafts and publishes issues.