git-ape-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs gh api/gh repo commands (see "Command Playbook" and "Known Gotchas") to fetch repo and org data from GitHub (an open, user-controlled third‑party source) and uses those results to build OIDC subjects and drive federated credential updates and other onboarding decisions, so untrusted third‑party content is fetched and materially influences actions.