executing-tasks-from-any-source

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches and parses GitHub issue content using commands like "gh issue view $ISSUE_NUM" (GitHub issues are user-generated/untrusted third-party content) and then directly reads/interprets that content as part of its workflow, exposing the agent to possible indirect prompt injection.