github-ops

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill repeatedly fetches and processes user-generated GitHub content via the gh CLI (e.g., repos.sh fetching repo contents, discussions.sh listing/viewing discussion bodies, issues.sh and prs.sh reading issue/PR bodies/comments, gists.sh viewing gist contents, and actions.sh reading run logs), so untrusted third-party content from github.com is being ingested and could materially influence follow-up tool actions like creating/merging/rerunning resources.