github-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill invokes the GitHub CLI (see SKILL.md and github_skill.py run_gh and command handlers) to fetch PRs, issues, review comments and notifications from GitHub—user-generated, third‑party content that the agent ingests and incorporates into outputs and decision-making (e.g., vault formatting, review-driven summaries), which could carry malicious instructions enabling indirect prompt injection.