github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using gh to fetch and read public, user-generated GitHub content (e.g., SKILL.md and references/* include commands like "gh pr view --comments", "gh issue view --comments", "gh run view --log", and "gh api repos/{owner}/{repo}") so untrusted third‑party PR/issue/comments/workflow logs are ingested and can materially influence actions such as reviews, merges, reruns, or workflow triggers.