create-slash-commands

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly includes dynamic context examples that run commands which fetch public, user-generated content (e.g., "gh pr diff $1" and "gh pr view $1 --json state" shown in references/arguments.md and references/patterns.md) and states that bash command outputs are injected into the expanded prompt, so untrusted third‑party content can be read and materially influence the agent's actions.