gh-bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly performs git clone of public GitHub repositories listed in specs/template-catalog.md and phases/04-execution.md (e.g., "git clone --depth 1 https://github.com/{owner}/{repo} .gh-bootstrap-cache/{component}") and then reads those downloaded template files (Read: .gh-bootstrap-cache/...), using their content to render and write configuration files—i.e., it ingests and acts on untrusted, user/third‑party web content at runtime, which can materially influence generated workflows and subsequent actions.