github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running gh CLI and gh api commands (e.g., "gh issue view --comments", "gh pr view", "gh api repos/owner/repo/issues", "gh run view --log") that fetch and require interpreting public, user-generated GitHub content (issues, PRs, comments, logs), which could contain untrusted instructions influencing agent actions.