github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to run gh commands that fetch and view user-generated GitHub content (e.g., "gh pr view 123 --comments", "gh issue view 456", "gh gist view gist_id", "gh run view 12345")—public third‑party data the agent must read and could materially influence actions like reviews, merges, or workflow triggers.