pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read GitHub pull request descriptions via "gh pr view --json title,body", which are public, user-generated PR bodies on GitHub that the agent must interpret and use to decide or edit PR content, creating a clear vector for indirect prompt injection.