github-investigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs using the gh CLI to search and fetch Issue/PR bodies, comments, reviews, files and timelines from GitHub repositories (public, user-generated content) which the agent is expected to read and summarize, so untrusted third‑party content can materially influence its actions.