pr-implement

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's Phase -1 Prior Work Check explicitly runs GitHub queries (e.g., "gh pr list" and "gh issue view" in SKILL.md) to read open PRs/issues (user-generated public content) and uses those results to block or proceed, so untrusted third-party content can materially influence actions.