blitz-merge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs subagents to run the /pr-review-fixer in Phase 2 (see Step 2.2), which fetches unresolved GitHub PR comments and CI failures (user-generated, third-party content) and uses those comments to determine and apply fixes and loop/merge decisions, thereby exposing the agent to untrusted content that can influence actions.