enter-merge-queue

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and processes user-generated GitHub PR review threads, bot responses, and security alert content (e.g., via ./scripts/agents/tooling/agentTool.ts getReviewThreads, getPrInfo, getCodeScanningAlert and related calls) and explicitly uses Gemini/Copilot/GHAS comment text to decide fixes, replies, dismissals, and merge actions, so untrusted third‑party content can materially influence agent behavior.