bootstrap-checks-from-prs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (notably scripts/collect_prs.py) call the GitHub API/gh to fetch merged PR data including PR bodies, review comments, issue comments, and file patches (e.g., /repos/{repo}/pulls, /pulls/{number}/comments, /issues/{number}/comments), and downstream scripts (scripts/extract_rule_candidates.py and scripts/generate_check_drafts.py) directly read and interpret that untrusted, user-generated content to produce and write check files that drive agent actions.