gh
Warn
Audited by Snyk on Apr 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md (notably references/gh.md and the "Erk Integration" section) instructs the agent to run commands like gh pr list, gh pr view, and gh api graphql to fetch PRs, issues, discussions and project data from GitHub (public, user-generated content), and that fetched content is parsed and used to drive actions such as cleanup, merging, and automation, so untrusted third-party content could indirectly inject instructions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).