github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses the gh CLI (see scripts/github.py and SKILL.md examples like "prs view", "issues view", "search", and daily PR/workflow workflows) to fetch and format GitHub issues, PRs, comments and workflow runs from public/user-generated repositories, which the agent is expected to read and then take actions (reviews, merges, reruns), so untrusted third-party content could supply instructions that influence behavior.