gh-daily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests user-generated GitHub content (issues, PRs, notifications) via the gh CLI in "Phase 3: Gather Activity Data" (e.g., gh issue list, gh pr list, gh api notifications) and then instructs subagents in "Phase 4" to read/classify and act on that content, so untrusted third‑party text can materially influence agent behavior.