blocklet-branch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the GitHub CLI to list recent PRs (e.g., "gh pr list --repo $ORG/$REPO --state merged --limit 10 --json baseRefName" and "--json headRefName") and parses PR target/source branch names and stats, which are untrusted, user-generated content from public GitHub repositories that the agent directly reads and interprets to determine main branch and naming conventions.