gh-cli-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's guidance explicitly runs gh commands that access public GitHub data (e.g., "gh api repos/owner/repo --verbose", "gh search repos", and references to public repos/issues/PRs), which are open, user-generated third-party contents the agent would read and interpret as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to provide and run elevated commands that modify system files and package state (e.g., sudo apt install, writing to /usr/share/keyrings and /etc/apt/sources.list.d), which changes the machine state and requires sudo privileges.