gh-stack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and parses live GitHub data (e.g., via gh stack view --json, gh stack checkout , gh stack sync, and gh stack link) which pulls public, user-generated PR/commit/branch metadata from GitHub and the SKILL.md instructs the agent to read that JSON and take actions (rebase, checkout, create/update PRs), so untrusted third-party content can materially influence tool use.