gh-bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 4 execution explicitly downloads and reads public GitHub repositories listed in specs/template-catalog.md (e.g., git clone https://github.com/actions/starter-workflows, stevemao/github-issue-templates, dec0dOS/amazing-github-template, othneildrew/Best-README-Template) and then reads/uses those third‑party template files as inputs, which are untrusted user-generated web content the agent is required to interpret and copy.