command-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., the PR workflow and advanced-workflows sections in SKILL.md and references/advanced-workflows.md) explicitly run commands like !gh pr view $1, `!`gh pr diff $1, and similar gh/git calls to fetch GitHub pull request data and file contents (user-generated, third‑party content) which the agent is expected to read and then act on (review, approve, request changes), enabling indirect prompt injection risk.