gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs use of gh commands (e.g., "gh issue view", "gh pr list", "gh api repos/{owner}/{repo}/issues") that fetch and interpret user-generated content from public GitHub repositories, which the agent would read and could let untrusted third-party instructions influence subsequent actions.