gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly fetches and parses public, user-generated GitHub content (e.g., examples/issue-triage.sh uses gh issue list --json number,title,body,author and parses issue titles/bodies; other scripts use gh run view, gh api, and gh search to ingest workflow files, logs, PRs, and repo content), so the agent would read and interpret untrusted third‑party content.