github-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and audits live GitHub repositories using the gh CLI and local repo files (see SKILL.md Phase 0: "Use gh CLI if authenticated" and Phase 1: "quote the actual state"), which are arbitrary user-generated/public third-party contents that the agent is expected to interpret and use to drive file generation and next actions.