qe-github-multi-repo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly call out fetching and cloning repositories and repository contents from GitHub (e.g., gh search repos "language:javascript...", gh repo list ..., gh api repos/:owner/:repo/contents/package.json, and gh repo clone ...) which ingests untrusted/user-generated third‑party content and uses that content to decide and drive automated actions (tests, PR creation, dependency updates), enabling indirect prompt-injection risk.