github-discussion-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches GitHub discussions (including the discussion "body") from arbitrary repos via the gh CLI (see run_gh_command in query-discussions.py and the gh invocation in query-discussions.sh and SKILL.md), which are user-generated, untrusted third-party contents that the tool reads and can be filtered/acted on (e.g., with --jq '.'), enabling indirect prompt injection.