github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets untrusted, user-generated GitHub content (e.g., via gh pr list --json ..., gh pr checks --json ..., and gh run view --log-failed described in references/pr-dashboard.md and references/ci-monitor.md), and uses those values to classify PRs, choose actions, auto-fetch logs, and influence commands, so third-party content can materially affect agent behavior.