github-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call GitHub APIs (e.g., the provided gh api graphql query and gh label list / milestones / projects commands) to fetch repository labels, milestones, issue types, and projects — which are user-generated, third‑party GitHub content that the agent must read and use to choose and apply metadata when creating issues/PRs, so it could materially influence tool decisions.