octocat

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions require using the gh CLI to read and act on GitHub data (e.g., creating/managing PRs, issues, watching CI checks and repository state) as part of its workflow, which exposes the agent to user-generated content on public GitHub repositories that could contain adversarial instructions.