gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and referenced files explicitly instruct use of gh commands that fetch and display public, user-generated GitHub content (e.g., gh pr view, gh issue view, gh gist view, gh search, gh api, gh browse, gh run view --log), which the agent would read/interpret as part of its workflow and could materially influence follow-up actions like merging or rerunning workflows.