gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill exposes the agent to public, user-generated GitHub content (issues, PRs, gists, repository files, search results and arbitrary API responses) via commands like "gh issue view", "gh pr view", "gh gist view", "gh repo view/clone", "gh browse" and "gh api", which the agent is expected to fetch and interpret as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit installation commands using sudo that write to system locations (e.g., /usr/share/keyrings and /etc/apt/sources.list.d) and run apt install, which require elevated privileges and modify the machine state.