github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md instructs the agent to fetch and act on public GitHub content (e.g., "gh issue view ... --comments", "gh api repos/OWNER/REPO/contents/...", and "gh search code"), which ingests untrusted, user-generated web content that the agent is expected to read and can materially influence subsequent actions—enabling indirect prompt injection.