gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using GitHub CLI commands in the "PR Workflow" and "Review Workflow" (e.g., "gh pr list", "gh pr view", "gh pr review", "gh pr merge", and "gh api repos/OWNER/REPO/pulls"), which fetch and act on public GitHub PRs/issues/comments—untrusted, user-generated third‑party content that the agent would read and could materially influence follow-up actions.