coding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes PR review and CI remediation workflows (SKILL.md domain triggers) and the concrete reference skills/coding/references/gh-pr-review-fix.md instruct agents to run gh/gh-api commands (e.g., "gh pr view --comments", "gh api repos/:owner/:repo/pulls//comments") to fetch review comments, issue comments and CI logs — i.e., ingesting untrusted, user-generated GitHub content that the agent is expected to read and act on, which could carry indirect prompt-injection risk.