gh-cli-use

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run gh commands that read user-generated GitHub content (e.g., "gh issue list/view", "gh pr view/diff", "gh run view/watch") and then act (create branches, develop issues, merge, rerun workflows), so it ingests untrusted public third‑party content from GitHub that can materially influence subsequent actions.