gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs the agent to use the GitHub CLI to search and view public GitHub content (e.g., "gh search", "gh repo view", "gh issue view", "gh gist view" and viewing PRs/issues), which are untrusted, user-generated, open-web sources that the agent would read and interpret.