cli-to-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md/examples explicitly instruct the agent to run CLIs that fetch and parse user-generated third-party content (e.g., "gh pr list --json ..." and "gh api repos///pulls/.../comments" in references/examples.md and the Recipes sections), meaning the agent will ingest and act on remote GitHub data which could contain untrusted instructions.