cli-gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill clearly fetches and interprets public, user-generated GitHub content (e.g., examples/issue-triage.sh uses gh issue list and reads issue title/body; workflow-monitor.sh uses gh run list/gh run view; many SKILL.md examples call gh api/gh pr list) and then takes automated actions (apply labels, assign, merge, trigger workflows), so untrusted third-party content from GitHub can materially influence tool decisions.