using-gh-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read arbitrary GitHub content (e.g., using gh repo clone and the Explore agent per SKILL.md/references/repos-and-files.md, and gh api to read PR comments and issue bodies per references/pull-requests.md and references/issues.md), which are user-generated/public third-party contents the agent will ingest and interpret.