Command Development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows (e.g., SKILL.md and advanced-workflows examples) explicitly run GitHub CLI/API commands like !gh pr view $1 --json title,body,author,files`` and gh api /deployments/$1 and read referenced repository/PR files, which ingest user-generated third‑party content (PRs/files) that the agent then reads and uses to decide actions (reviews, approvals, launches), creating a clear path for indirect prompt injection.