catchup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly runs "gh pr list --state open" and "gh pr list --state draft" to fetch and read GitHub pull requests (user-generated, potentially public third‑party content) which the agent will interpret to determine status and next actions, so external PR content could materially influence behavior.