skills-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's preprocessing and PR-workflow examples (e.g., references/preprocessing.md and the pr-summary template) explicitly run commands like !gh pr diff, !gh pr view --comments and suggest curl/API calls, which pull GitHub PR text and external API responses (untrusted, user-generated content) that the agent is expected to read and summarize, enabling indirect prompt injection.