pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads user-generated GitHub content (e.g., existing PR descriptions and metadata via gh pr list, gh repo view, and gh api), and uses that content when regenerating or editing PR titles/bodies, so untrusted third-party text can influence the agent's outputs and actions.