github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using gh and gh api (e.g., gh pr, gh issue, gh run, gh api repos/owner/repo/pulls/...) to fetch PRs, issues, and run logs from GitHub—public, user-generated content—which the agent is expected to read and could materially influence subsequent actions.