github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse public, user-generated GitHub content (e.g., PRs, issues, review thread comments, public gists) via gh/gh api/GraphQL as shown in SKILL.md and github.md (e.g., "gh pr view --json ...", GraphQL queries to get reviewThreads, "gh gist list --public"), and the agent is expected to read and act on that content (resolve threads, rerun jobs, create/update PRs), so untrusted third-party content can influence actions.