gh-pr-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill runs "gh pr list --head ... --json ..." (and fetches from origin) to ingest GitHub PR data — public, user-generated content — and explicitly parses that data in its workflow to decide statuses and next actions, so untrusted third-party content can influence behavior.