reconcile-merge-conflicts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly allows remote read-only git/GitHub operations and instructs the agent to "inspect ... related PR discussion when available" (Step 3 and Safety rules), meaning it will fetch and interpret untrusted, user-generated third-party content that can influence reconciliation decisions.