ghpm-work

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests GitHub issue bodies and comments (user-generated, untrusted content) as part of its workflow — e.g., references/clarify.md uses "gh issue view ... --json title,body,labels,comments" and then reads/edits those contents to draft issue edits, plans, and PRs, so third-party content directly influences agent actions.