github-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches and interprets user-generated content from public GitHub (e.g., repos/contents in scripts/repos.sh, discussion bodies via scripts/discussions.sh, issues/prs via scripts/issues.sh and scripts/prs.sh) using the gh CLI, and those fetched pages/comments/files are read and can drive actions (comments, PR creation/merges, workflow dispatch), so untrusted third-party content could inject instructions affecting tool use.