lfg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on public, user-generated third-party content — e.g., SKILL.md step 5 instructs running gh pr view --json number,url,body,state and then appending/replacing sections of the PR body (and earlier probes use gh repo view), so external PR/issue content from GitHub can be ingested and influence subsequent actions.