skill-deep-dive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md Research step explicitly instructs the agent to run gh CLI searches and to read GitHub code, READMEs, issues and PRs (e.g., "gh search code", "gh issue list", "gh pr list"), which are untrusted, user-generated third‑party sources that the agent will read and use to drive its synthesis and next actions.