gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly lists GitHub CLI commands that fetch and display public, user-generated GitHub content (e.g., "gh repo clone owner/repo", "gh repo view --web", "gh api repos/{owner}/{repo}/issues"), so the agent would ingest untrusted third-party pages/issues whose text could materially influence subsequent actions.