gh-enhance-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches public GitHub issues using "gh issue view" (Step 1) and then reads and interprets the issue's title, body, and labels to classify, rewrite, and ultimately update the issue (Steps 2–6), so untrusted, user-generated content from GitHub can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill uses the GitHub issue URL (e.g., https://github.com/elastic/kibana/issues/12345) at runtime via the gh CLI to fetch an issue's title/body and inject that remote content into the agent's context to drive rewriting, so this external content directly controls the agent's input.