autonomous-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse user-generated GitHub content (issue bodies, PR inline comments, review threads and bot reviews) via gh api/CLI calls as part of its autonomous workflow (see references/autonomous-mode.md and references/review-commands.md), so untrusted third‑party text can directly influence decisions and actions like applying patches, cherry-picks, and triggering reviews.