GitHub Workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill routinely fetches and parses user-generated GitHub content (issues, PRs, review comments, commits, release notes) via gh CLI and gh api calls—e.g., gh pr view / gh api repos/{owner}/{repo}/pulls/$PR_NUM/comments and the included scripts (scripts/activity-summary.sh, release-notes.sh, repo-health.sh, my-items.sh)—and uses that content to decide actions (triage, suggest/apply fixes, request reviewers, merge, generate changelogs), so untrusted third-party text could indirectly inject instructions that influence tool use.