ghpm-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches project metadata, fields, views, and items from GitHub using gh commands and a GraphQL query (see Phase 1 step 3, Phase 2 step 5, Phase 3 step 8, Phase 4 step 10), and it preserves and uses user-generated view/filter strings, item data, and issue titles/labels to build config and drive behaviors (branch naming, status_sync, nudges/comments), so untrusted third-party content from GitHub can materially influence agent decisions and actions.