github-modes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and read user-generated GitHub content (e.g., "gh pr diff", "gh pr view", "gh api repos/:owner/:repo/contents/file.md" and listing issues/PRs) from public repositories, which the skill then uses to drive automated reviews, triage, and merges—exposing it to untrusted third-party content that could inject instructions.