command-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill includes explicit examples that execute bash tools to fetch GitHub PR content (e.g., the references showing !gh pr view $1 --json ... and allowed-tools: Bash(gh:*) plus the SETUP-COMPLETE instructions to run pr analysis with a GitHub token), so the agent can ingest user-generated, public GitHub content into the command context and therefore is exposed to indirect prompt injection.