gh-reference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs running gh commands (e.g., gh issue view, gh pr view, gh repo view, gh api ...) that fetch and display content from public GitHub repositories, issues, PRs, and API endpoints — user-generated, untrusted third-party content that the agent would read and could influence subsequent decisions.