building-commands

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly shows commands that fetch and interpret user-generated content (e.g., "Pattern 2: Code Review Command" in SKILL.md / Common Command Patterns which says "Use GitHub CLI to fetch PR details and analyze changes"), meaning the agent is instructed to ingest third-party PR/post content that could contain instructions influencing its actions.