gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly instructs the agent to fetch and view user-generated GitHub content (e.g., "gh issue list", "gh pr view", "gh repo view" commands), which are open/public and untrusted and could contain instructions that materially influence subsequent tool use or decisions.