github-projects

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows in SKILL.md and references/items.md explicitly instruct running gh commands that fetch and parse public GitHub content (e.g., "gh issue list --repo owner/repo", "gh project item-list ... --format json", and adding items by URL like https://github.com/.../issues/123), meaning the agent will ingest untrusted, user-generated web content (issues/PRs) and act on parsed fields/ids which can materially influence subsequent CLI actions.