github-openapi-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to access the public GitHub API (network access to https://api.github.com in SKILL.md) and to run read operations like github-openapi-cli get:/repos/{owner}/{repo}/issues, .../pulls, and .../events (references/usage-patterns.md), which will return arbitrary user-generated content (issues, PRs, comments) that the agent is expected to read and could influence follow-up actions.