github

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets user-generated content from public GitHub (see SKILL.md entries like "Viewing CI/workflow run status and logs" and commands such as gh pr view, gh run view, and gh api) and the gh-skill.sh script invokes those commands, meaning untrusted third-party PRs/comments/logs could influence tool use and decisions.