windows-worktree-repo-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md instructs the agent to run gh/gh api/GraphQL commands (e.g., "gh pr view", "gh api repos/.../pulls/.../comments", and the GraphQL reviewThreads queries) to fetch PRs, reviews, and comment bodies from GitHub — user-generated, public content that the agent is expected to read and act on (reply/resolve threads), making indirect prompt injection possible.