exploring-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill uses the gh CLI to fetch and read public GitHub repositories, files, issues, PRs, and comments (e.g., gh api repos/OWNER/REPO/contents/PATH, gh issue view, gh pr view), which are untrusted, user-generated third-party content that the agent is explicitly instructed to read and interpret.