github-sync-helper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill clearly fetches and ingests untrusted, user-generated content from the public web—e.g., git clone --url (arbitrary repo URLs) and numerous GitHub API calls implemented in the script (gh-issues-list, gh-pr-list, gh-actions-list, gh-actions-dispatch, gh-releases-list, etc.)—and the agent is expected to read/interpret those results (repo/issue/PR lists, workflow details) and take follow-up actions, so third-party content can materially influence tool use and decisions.