github-gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md directs the agent to use the gh CLI and gh api to fetch PRs, issues, workflow runs, and logs from GitHub — public, user-generated content (PR descriptions, comments, logs) that the agent is expected to read and that can materially influence decisions or follow-up actions, enabling indirect prompt injection.