what-i-did

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md workflow explicitly fetches user events, commits, PRs, and comments from GitHub via gh api / gh search (e.g., Step 2 and Steps 3–4) — which are untrusted, user-generated third-party contents that the agent is required to read and interpret to produce summaries and a Slack-ready message, allowing those external texts to influence the agent's output/decisions.