git-operations-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs the agent to fetch and interpret GitHub data (e.g., "Leverage GraphQL for complex data retrieval (e.g., fetching latest comments...)" and use gh api/pull request and issue details), which are user-generated, public third-party contents that the agent will read and that can materially influence subsequent git/github actions.