lovstudio-gh-tidy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md "Scan" step invokes gh issue list and gh pr list to fetch GitHub issues/PRs (user-generated, potentially public third-party content) which the agent is required to read, summarize, and use to make triage decisions and execute gh CLI actions, so untrusted content can materially influence behavior.