gh-issue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses the GitHub CLI (gh issue view) to fetch and read GitHub issue descriptions and comments (public, user-generated content) and instructs the agent to interpret and act on that content (plan changes, run tools, create PRs), which could enable indirect prompt injection.