community-health

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly fetches and analyzes public, user-generated GitHub content (e.g., "gh-manager repo community" and "gh-manager files get --repo owner/name --path CONTRIBUTING.md") and uses those file contents to drive accuracy checks and decisions to create/commit/PR changes, so untrusted repo files could materially influence agent actions.