ship

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly uses the GitHub CLI (e.g., gh pr checks, gh pr create, gh pr merge) to read CI check results and PR state from GitHub — untrusted, user-generated third-party content — and those check results and PR data are used to decide whether to merge and release, so third-party content can influence agent actions.