erk-exec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes commands that fetch and inject user-generated GitHub content (e.g., get-pr-review-comments, get-pr-discussion-comments, get-issue-body, get-pr-view in reference.md) and explicitly states this content is used for "agent context injection" and follow-up actions, so untrusted third-party page text could influence tool behavior.