read-github-activity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and scripts/fetch-github-activity.sh explicitly call the gh CLI / GitHub APIs to fetch PRs, reviews, comments, and user events (including PR titles, body snippets and comment_body) — i.e., untrusted, user-generated GitHub content that the agent is expected to ingest and that could materially influence decisions or follow-up actions.