command-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples and workflows explicitly run GitHub CLI to fetch PR content (e.g., "Fetch PR: !gh pr view $1" in SKILL.md and references/advanced-workflows.md), meaning the agent reads user-generated, public GitHub content and uses it to drive reviews and actions, which can enable indirect prompt injection.