github-pr-triage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches GitHub PR data (via scripts/gh_fetch.py and gh CLI commands in Phase 1 and the per-PR task prompts) — including PR bodies, comments, reviews and files — and feeds that user-generated, third-party content into background-task prompts for analysis, exposing the agent to untrusted external input that could enable indirect prompt injection.