git-get-notification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs using gh api to fetch GitHub notifications, recent Issues, and PRs (Step 2–4), which are public, user-generated third-party contents (issues/PRs/comments) that the agent reads and uses to prioritize and decide what to show, enabling indirect prompt-injection via those texts.