crane-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (ALIGHT phase) explicitly fetches PR metadata and the full diff via commands like "gw gh pr view {number}" and "gw gh pr diff {number}", meaning it ingests user-generated GitHub PR content (untrusted third-party text) which the agent reads and uses to drive compliance findings and follow-up actions, creating potential for indirect prompt-injection.