git-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly calls bun gh-tool PR commands in SKILL.md (e.g., "bun gh-tool pr review-triage", "bun gh-tool pr issue-comments", and threads/checks/logs calls) to fetch and parse user-generated GitHub PR comments and AI reviewer outputs and then instructs the agent to act on those comment bodies, exposing it to untrusted third-party content that can influence actions.