gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill documents commands such as "gh issue view", "gh pr view", "gh gist view", "gh repo view", "gh search", "gh api", and "gh browse" that fetch and display arbitrary public GitHub content (issues, PRs, gists, repository pages and API responses), which are untrusted, user-generated third-party sources the agent is expected to read/interpret.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes installation and configuration commands that use sudo and modify system files (e.g., writing to /usr/share/keyrings and /etc/apt/sources.list.d) and suggests insecure auth/storage options, which would cause an agent to change the host system state if executed.