cherry-pr-test

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The workflow explicitly fetches and reads public GitHub PRs and changed files via gh pr list / gh pr view / gh pr checkout (user-contributed, untrusted content) and instructs the agent to use those PR descriptions and file changes to decide what UI tests and actions to run, so third-party content can materially influence behavior.