github-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated GitHub content via the GitHub CLI (e.g., "gh pr list", "gh pr view", commit messages, branch names and PR bodies) and then reads/parses those PR titles/bodies/commits to map initiatives and drive syncs and metadata updates per SKILL.md, so untrusted third-party content can materially influence agent decisions.