github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the gh CLI to fetch and display GitHub issue bodies and comments (see VIEW_ISSUE.md and LIST_ISSUES.md), which are user-generated/untrusted third-party content that the agent is instructed to read, summarize, and base follow-up actions on (e.g., suggest updates, close, or assign), enabling indirect prompt injection.