github-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and referenced files (e.g., examples/automation-scripts.md, references/graphql-api.md, and rules/issue-tracking-automation.md) show the agent running gh api/gh pr/gh issue and GraphQL queries (and using claude --from-pr) to fetch and parse public GitHub issues, PRs, comments and diffs (user-generated content) and then acting on that data (auto-merge, milestone changes, auto-complete checkboxes, session resumption), so untrusted third‑party content can directly influence tool actions.