gist-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads user-generated GitHub Gists (see SKILL.md workflow and notes that gist_list/gist_get return full file contents), so untrusted public gist content could be ingested and influence the agent's subsequent actions.