autonomous-dispatcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and parses untrusted, user-generated GitHub issue bodies and comments via gh commands (e.g., the "Check Dependencies" step that reads the "## Dependencies" section and the "Pending-Dev" step that extracts Dev Session IDs and counts Agent Session Report comments), and uses that content to decide dispatching, labeling, and tool actions, creating a clear vector for indirect prompt injection.