gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md and references) instruct the agent to run gh commands like gh pr view, gh issue view, gh search, and gh api which fetch and interpret user-generated, public GitHub content (PRs, issues, comments, code) — untrusted third-party sources that could influence subsequent actions such as merges or commands.