authentication-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows and scripts explicitly invoke external CLIs (e.g., gh api, gh pr view, gh pr comments) to fetch and parse GitHub/GitLab/AWS data (see modules/interactive-auth.md and examples/workflow-integration.md), meaning it ingests untrusted, user-generated third‑party content which can influence subsequent tool actions (e.g., creating issues or syncing data).