gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The cheatsheet explicitly instructs the agent to fetch and view public, user-generated GitHub content (e.g., "gh issue view 123 --comments", "gh gist view ", and "gh api repos/{owner}/{repo}/issues"), which are open third-party sources that the agent would read and could contain untrusted input enabling indirect prompt injection.