gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md (and accompanying references/automation-patterns.md and scripts) explicitly instruct use of gh commands like gh issue list, gh pr list/view, gh api, and gh gist view that fetch user-generated content from public GitHub issues/PRs/gists/repos, which the skill expects the agent to read/parse and can materially influence follow-on actions (e.g., auto-close/merge scripts).