github-dashboard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run "gh api notifications", "gh pr list", and "gh issue list", which fetch and have the agent read user-generated GitHub notifications, PRs, and issues (untrusted third‑party content) that are then used to decide actions, enabling indirect prompt injection.