pr-prep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow and references (SKILL.md and references/case-study-historical-context.md) explicitly run commands like gh pr list, git log, and git show against external repositories/GitHub to gather PRs and commit history and then synthesize that user-generated content into the PR body and decisions, so untrusted third-party content can materially influence subsequent actions.