gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs use of the gh CLI to access GitHub content (repositories, pull requests, issues, raw file URLs and API endpoints) as part of its workflow (see SKILL.md guidance and examples), which clearly exposes the agent to untrusted, user-generated third-party content on GitHub that could influence actions.