github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses the gh CLI and gh api/GraphQL commands (see SKILL.md and references/automation-workflows.md) to fetch and parse public GitHub resources—issues, PRs, run logs, code, and gists—which are untrusted, user-generated content that the agent is expected to read and that can directly drive actions (reruns, creating issues, merges), enabling indirect prompt injection.