gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill issues GitHub CLI commands that view and fetch public repositories, pull requests, issues, and release notes (e.g., "gh repo clone", "gh pr view", "gh issue view", "gh release view"), which are user-generated, public third‑party content the agent would read and could carry indirect prompt injection.