gh

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow (SKILL.md) instructs the agent to browse and list public GitHub repositories and pull requests (e.g., "x gh repo app", "x gh pr ls"), meaning it fetches and interprets user-generated content from GitHub which can materially influence actions.