skill-system-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and interprets user-generated GitHub content—e.g., "gh issue list" used for duplicate detection in scripts/manage-issues.md and "gh api repos/.../contents/..." used to read/update workflow and template files in scripts/manage-workflows.md and scripts/manage-templates.md—so untrusted third-party repository content can influence decisions and subsequent tool actions.