erk-exec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly lists commands that fetch and inject GitHub/PR/issue/discussion content and remote session files (e.g., get-pr-review-comments, get-pr-discussion-comments, get-issue-body, fetch-sessions, download-remote-session) — all untrusted, user-generated third‑party content that the agent is expected to read and use to drive actions like resolving threads, posting comments, or deciding next steps.