github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs the agent to fetch and read public GitHub content (e.g., "gh run view --log-failed" and "gh api repos/owner/repo/pulls/55"), which exposes untrusted, user-generated PRs/issues/logs that the agent is expected to interpret and that could materially influence subsequent actions.