githubbing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using the GitHub CLI to "view repos" and "create issues, PRs" (i.e., fetch and act on public GitHub content such as repos, READMEs, issues/PRs which are user-generated and untrusted), and the install script also pulls artifacts from cli.github.com, so the agent would read/interprete third‑party user content that could contain injuctive instructions.