pr-prep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required "Git Archaeology"/"Context Discovery" workflow in SKILL.md (e.g., references/case-study-historical-context.md and the workflow steps) explicitly uses commands like gh pr list and examines PR history on GitHub, which fetches public, user-generated third-party content that the agent is expected to read and that can materially influence PR decisions and actions.