Command Development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's command examples and workflows (e.g., SKILL.md and references/advanced-workflows.md) explicitly run GitHub CLI commands like !gh pr view $1 --json title,body,author,files`` and !gh pr diff $1 --name-only` which fetch user-generated PR content from GitHub that the agent is expected to read and act on, enabling indirect prompt injection risk.