git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's guidance (references/github-pr-operations.md) explicitly instructs scanning and reading open GitHub issues with gh (public, user-generated content) and using those issue bodies/titles to decide PR references and actions, so the agent would ingest untrusted third-party content that could influence its decisions.