github-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run gh commands that view and search GitHub repositories, issues, PRs, and code (e.g., "gh issue view", "gh pr view", "gh search code" in the Instructions and Examples), which are public, user-generated third‑party contents that the agent is expected to read and could materially influence actions like merging, closing, or creating items.