invoking-github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's github_client (scripts/github_client.py) and SKILL.md / references/iterating-integration.md explicitly read arbitrary files from GitHub repos (e.g., read_file and resume_session_from_github that fetch DEVLOG.md), meaning untrusted, user-generated repository content from the public web is ingested and can directly influence commits, PR creation, and next actions.