gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill invokes the GitHub CLI (e.g., gh pr view, gh issue view, gh run view/download, gh repo clone) which fetches and displays user-generated content from GitHub (public repositories, PRs, issues, and run logs) that the agent would read and could base actions on, allowing indirect prompt injection.