github-gist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and reference files (SKILL.md, references/search-and-manage.md, and references/workflows.md) instruct the agent to list, view, clone, and even raw-pipe GitHub gists (public user-generated content) — i.e., fetching and executing arbitrary third-party gist content — which could inject instructions that change subsequent actions.