ai-ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs GitHub commands (e.g., "gh issue list" and "Read the issue body fully") and instructs sub-agents to read PR context via "gh pr view / gh pr diff", meaning it ingests user-generated GitHub issue and PR content which can materially drive implementation and tool actions.