create-agent-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's advanced.md describes "動的コンテキスト注入" that runs shell commands like !gh pr view --comments and embeds their output (e.g., PR comments and diffs) into the skill before loading, which clearly ingests untrusted, user-generated third‑party content that the agent will read and can influence subsequent actions.