github-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated GitHub content (issues, PR bodies, comments, diffs, commit messages) via gh api/gh pr commands and GraphQL—see SKILL.md, examples/automation-scripts.md, and rules/issue-tracking-automation.md—using that untrusted third-party content to drive automation (auto-merge, checklist completion, milestone changes), which could enable indirect prompt injection.