gh-sub-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's commands (e.g., gh sub-issue list <parent> and acceptance of full GitHub URLs shown in SKILL.md and EXAMPLES.md) explicitly fetch and parse GitHub issue data — user-generated, potentially public content — which the agent would read and could use to drive subsequent actions (create/link/remove sub-issues), enabling indirect prompt-injection via issue text.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing the GitHub CLI extension via "gh extension install yahsan2/gh-sub-issue" (fetches from https://github.com/yahsan2/gh-sub-issue), which downloads remote code that will be executed and is required for the skill to function.