gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (SKILL.md and references/remote-analysis.md and comparison.md) explicitly instruct using gh api to fetch and decode files from arbitrary public GitHub repositories (e.g., "gh api repos/OWNER/REPO/contents/path/file.ts"), meaning untrusted, user-generated content on GitHub is read and used to drive analysis and decisions.