ghx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's context collection flow (ghx.sh context collect -> scripts/collect.sh and scripts/lib/helpers.sh) explicitly fetches PR/issue comments, review threads, diffs, check runs, and workflow logs from GitHub via gh api/GraphQL (public, user-generated content) and writes them to manifest/artifact files that are then read by publishing logic (scripts/publish.sh and scripts/lib/publish.sh) to drive decisions and posts, so untrusted third‑party content can materially influence tool actions.