using-jq

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly shows pipelines that fetch and process external, potentially user-generated JSON (e.g., "curl -s https://api.example.com/data | jq '.'" and multiple "gh api ... | jq -r" and "jira ... --raw | jq -r ..." examples in references/cli-integrations.md and SKILL.md), so the agent would read and act on untrusted third-party API/web content.