arinhub-verify-pr-implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill retrieves and parses user-generated GitHub content (PR bodies, linked issue descriptions, and diffs) via commands like "gh pr view", "gh issue view", and "gh pr diff", so the agent will read untrusted third-party text that could contain indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches PR and issue content at runtime (e.g., https://github.com/owner/repo/pull/123 and linked issue URLs like https://github.com/owner/repo/issues/N) and injects that external GitHub content into its analysis, so the fetched content directly controls the agent's prompts and is required for the skill to run.