git

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and operate on arbitrary public repositories and user-generated content (e.g., "git clone ", "git clone owner/repo", and explicit gh api calls like "gh api repos/owner/repo/pulls/123/comments" and "gh pr view"), so the agent would read and interpret untrusted third‑party content from the open web/GitHub as part of its workflow.