ghpm-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated GitHub project data (e.g., via gh project view, gh project field-list, gh api graphql for views, and gh project item-list in Phases 1–4), and those untrusted contents (fields, view filters, items, repo URLs) are parsed and used to build config and drive behavior, so third-party data could indirectly inject instructions.