decompose-pr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and read PR descriptions and diffs from GitHub (e.g., "gh pr view ", "gh pr diff ", and "git fetch origin "), which are user-generated, third‑party content that the agent must interpret to plan and execute git actions.