obsidian-github-issue-fetcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The sync.sh script (called by SKILL.md/README) invokes the gh CLI to fetch GitHub issues—including each issue's body—directly from the repository (gh issue list ... --json ... body) and writes user-generated issue content into the user's Obsidian vault, so untrusted third-party content is ingested and can materially affect files and downstream behavior.