ghx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md explicitly instructs fetching user-generated content from GitHub (e.g., via "gh issue view", "gh api repos/owner/repo/issues/123/comments --paginate", "gh pr view", and the GraphQL query) and using issue/PR bodies, comments, and review threads as workflow inputs, which could contain untrusted instructions that influence subsequent actions.